Say hello to Berglas — a way to keep your Secrets a Secret

1. Berglas CLI installation on Cloud Shell
2. Use the CLI to bootstrap secrets in a bucket or secret manager
3. KMS keyrings are created to symmetrically encrypt Secrets
4. Deploy the cloud function that acts as a webhook mutation endpoint
5. Deploy the Mutating Webhook config referencing the endpoint
6. Create a Berglas secret and grant access to a cloud service account
7. Create and annotate the k8s service account to map it to the Cloud service account
8. Change PodSpec to reference Berglas Secret
8. Change PodSpec to reference Berglas Secret
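
A pre-deploy check for step 8, as an added example that is not from the original post or the Berglas project. It assumes the `berglas://BUCKET/OBJECT` and `sm://PROJECT/NAME` reference syntax and the webhook's requirement that a container set `command`, both taken from the Berglas documentation rather than this page; the env-name heuristic and the sample PodSpec are constructed.

```python
import re
from urllib.parse import urlsplit

# Reference schemes per the Berglas docs (assumption: not shown on this page).
REF_SCHEMES = {"berglas": "Cloud Storage", "sm": "Secret Manager"}
# Hypothetical heuristic for env var names that usually carry secrets.
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.I)

def parse_ref(value):
    """Return (backend, parent, name) for a Berglas reference, else None."""
    parts = urlsplit(value or "")
    name = parts.path.lstrip("/")
    if parts.scheme not in REF_SCHEMES or not parts.netloc or not name:
        return None
    return REF_SCHEMES[parts.scheme], parts.netloc, name

def audit_pod_spec(spec):
    """List (container, field, problem) tuples for a PodSpec dict."""
    findings = []
    for c in spec.get("containers", []):
        refs = 0
        for env in c.get("env", []):
            value = env.get("value")
            if value is None:
                continue  # valueFrom entries are out of scope here
            if parse_ref(value):
                refs += 1
            elif SECRET_NAME.search(env["name"]):
                findings.append((c["name"], env["name"],
                                 "plaintext value, not a Berglas reference"))
        # The webhook wraps the container's command, so it must be explicit.
        if refs and not c.get("command"):
            findings.append((c["name"], "command",
                             "missing, webhook cannot wrap the entrypoint"))
    return findings

# Constructed sample PodSpec (names, images and values are made up).
SAMPLE = {"containers": [
    {"name": "web", "image": "example/web:1", "command": ["/bin/server"],
     "env": [{"name": "API_KEY", "value": "berglas://example-bucket/api-key"},
             {"name": "DB_PASSWORD", "value": "not-a-reference"}]},
    {"name": "worker", "image": "example/worker:1",
     "env": [{"name": "QUEUE_TOKEN",
              "value": "sm://example-project/queue-token"}]},
]}

if __name__ == "__main__":
    for finding in audit_pod_spec(SAMPLE):
        print(*finding, sep=": ")
```
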
Google Kubernetes Engine
Cloud Run
Cloud Build
Cloud Functions
AppEngine Standard & Flex
Init Scripts / Ansible scripts for Google Compute Engine
