#security

10 posts

SealedSecrets: Storing Secrets in Git Without the Risk

How SealedSecrets lets you commit encrypted secrets to Git safely, why the real risk is losing the controller's private key, and how to back it up.

Network Policies with Calico: Default Deny and Namespace Isolation

Rolling out default-deny NetworkPolicies and namespace isolation with Calico without breaking DNS, ingress, or admission webhooks.

Agent Glass-Break Patterns: Controlled Escalation for Production

How to implement controlled escalation for AI agents using safeBins and network-level constraints to prevent production catastrophes.

Kubernetes RBAC: Building Least-Privilege Service Accounts

Moving beyond cluster-admin for everything. A practical approach to scoping ServiceAccount permissions for production workloads and AI agents.

Privacy-Routed LLM Inference: Keeping Sensitive Data Out of the Cloud

How to build a routing layer for AI agents that ensures sensitive data stays on local hardware while leveraging cloud LLMs for non-private tasks.

Kyverno Admission Controllers: Policy-as-Code That Actually Works

Moving beyond the happy path of Kubernetes policy enforcement. Real-world Kyverno pitfalls, mutation loops, and the gap between docs and production.

SealedSecrets Key Backup: Don't Lose Your Encryption Keys

How to back up and recover SealedSecrets encryption keys in Kubernetes

MQTT Broker Selection: HiveMQ vs Mosquitto for Industrial Use

Comparing HiveMQ and Mosquitto for industrial IoT: scalability, security, and reliability

Proxmox API Tokens: Bash History Expansion and the ! Character

Bash history expansion breaks Proxmox API tokens — here's how to fix it

Agent Credential Management: Two-Tier Service Accounts for Secure AI Agent Workflows

Managing agent credentials with two-tier service accounts: a secure approach for AI agent orchestration
