With a Kubernetes cluster in place, what would be the alternative way to send configurations/passwords into containers? I know about the secrets way but what I'm looking for is a centralised environment that has the password encrypted, not base64 encoded.
You should try Vault by HashiCorp.
The key features of Vault are:
Here is an example of using Vault + Kubernetes
You could also consider Kamus:
An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications.
Kamus enables users to easily encrypt secrets that can be decrypted only by the application running on Kubernetes.
The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES).
To learn more about Kamus, check out the blog post and slides.
```
helm repo add soluto https://charts.soluto.io
helm upgrade --install kamus soluto/kamus
```
Architecture: Kamus has 3 components:
- Encrypt API
- Decrypt API
- Key Management System (KMS)
The encrypt and decrypt APIs handle encryption and decryption requests. The KMS is a wrapper for various cryptographic solutions. Currently supported:
- AES - uses one key for all secrets
- Azure KeyVault - creates one key per service account.
- Google Cloud KMS - creates one key per service account.
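
The question's distinction between base64 encoding and encryption, shown as an added example that is not part of the original posts: every value under `data:` in a standard Secret manifest can be recovered with no key and no cluster access, which is why such manifests should not be stored in Git as-is. The sample manifest is constructed, and the function names `sample_manifest`, `decode_secret_data` and `audit_manifest` are hypothetical.

```shell
#!/bin/sh
# Constructed sample (not from the page): a standard Kubernetes Secret manifest.
sample_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
data:
  username: YWRtaW4=
  password: aHVudGVyMg==
EOF
}

# decode_secret_data: read a manifest on stdin and print key=plaintext for
# every entry under a top-level "data:" block. No key material is required,
# because the values are only base64-encoded.
decode_secret_data() {
  awk '
    /^data:[[:space:]]*$/ { in_data = 1; next }   # start of the data block
    /^[^[:space:]]/       { in_data = 0 }         # any other top-level key ends it
    in_data && NF == 2    { key = $1; sub(/:$/, "", key); print key, $2 }
  ' | while read -r key value; do
    printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
  done
}

# audit_manifest: succeed only when the manifest on stdin contains no
# recoverable values, so it can gate a commit of manifests into Git.
audit_manifest() {
  found=$(decode_secret_data | wc -l)
  [ "$found" -eq 0 ]
}

# Demo on the constructed sample.
sample_manifest | decode_secret_data
```

A value encrypted through a KMS-backed tool such as the ones suggested in the answers does not decode to plaintext this way, because recovering it requires the key held by the KMS.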