SealedSecrets: Storing Secrets in Git Without the Risk
How SealedSecrets lets you commit encrypted secrets to Git safely, why the real risk is losing the controller's private key, and how to back it up.
10 posts
Rolling out default-deny NetworkPolicies and namespace isolation with Calico without breaking DNS, ingress, or admission webhooks.
How to implement controlled escalation for AI agents using safeBins and network-level constraints to prevent production catastrophes.
Moving beyond cluster-admin for everything. A practical approach to scoping ServiceAccount permissions for production workloads and AI agents.
How to build a routing layer for AI agents that ensures sensitive data stays on local hardware while leveraging cloud LLMs for non-private tasks.
Moving beyond the happy path of Kubernetes policy enforcement. Real-world Kyverno pitfalls, mutation loops, and the gap between docs and production.
How to back up and recover SealedSecrets encryption keys in Kubernetes
Comparing HiveMQ and Mosquitto for industrial IoT: scalability, security, and reliability
Bash history expansion breaks Proxmox API tokens — here's how to fix it
Managing agent credentials with two-tier service accounts: a secure approach for AI agent orchestration