Mohammad-Ali A'RÂBI

Day 19 — Secret Management (The Okterakt)

The trio arrives at a cliff. Gord hits the ground with her sword, and then there is a rumble. A hidden pathway reveals itself, leading down the cliffside.

"Stay here," Gord instructs Rothütle and YAML. "I will take a look." She descends the path cautiously.

Rothütle and YAML wait outside. After a few tense minutes, Rothütle hears movement among the trees. He looks back at YAML, who seems calm. Then he descends the path as well to find Gord.

Gord is in a chamber carved into the cliffside. In the center is a pedestal with an ornate box—the artifact. Gord approaches it carefully.

"There is someone here in the shadows," Rothütle says, stepping into the chamber.

"Take the artifact and run," a voice hisses from the darkness. A whisper in Rothütle's ear. "It will protect you."

He steps back sharply, checking the shadows. Gord understands immediately. "It's Angra," she says. "Ignore him."

Then she gives Rothütle a long look. "It was a great journey we had together, don't you think?"

Rothütle nods, confused. "Yes, but what do you mean?"

"I just had a moment alone here, and...," Gord pauses.

"You can go to the castle with YAML while I secure the Okterakt."

Rothütle hesitates. "How much longer do you need? I think I can stand guard outside for a bit."

She steps closer and punches him lightly in the shoulder.

"See you in the castle, Rothütle."

Rothütle leaves the chamber reluctantly and tells YAML that they need to head back to the castle. As they walk away, Rothütle glances back at the chamber one last time.


Tip of the day: Keep your secrets safe!


Security Tip #19: Secret Management

In a Kubernetes cluster, secrets such as passwords, tokens, and keys need to be managed securely. Kubernetes provides a built-in resource called Secrets to store sensitive information. However, it's crucial to follow best practices for secret management to ensure the security of your applications.

I have seen many cases where secret resources were stored in plain text within YAML files, committed to version control. This is a major security risk, as anyone with access to the repository can retrieve the secrets.

Here are some best practices for managing secrets in Kubernetes:

  • Use a dedicated secret management tool like HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault to store and manage secrets securely.
  • You can connect these tools to Kubernetes using external secret operators, which automatically sync secrets from the external store to Kubernetes Secrets.
  • Avoid storing secrets in plain text within YAML files or version control systems.
  • Use Kubernetes RBAC to restrict access to secrets only to the necessary service accounts and users.
  • Regularly rotate secrets to minimize the risk of compromise.
  • Use Infrastructure as Code (IaC) tools to randomly generate secrets during deployment, rather than hardcoding them.
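
The external-store sync and the RBAC restriction from the list above, as an added example that is not from the original post. It assumes the External Secrets Operator is installed and a SecretStore named `vault-backend` already exists; the namespace, resource names, service account and store path are placeholders.

```yaml
# Added example. All names below are assumed placeholders.
# 1) Sync one value from the external store into a Kubernetes Secret.
#    Nothing sensitive appears in this file, so it is safe to commit.
apiVersion: external-secrets.io/v1beta1   # use the version your installed operator serves
kind: ExternalSecret
metadata:
  name: db-credentials
  namespace: shop
spec:
  refreshInterval: 1h          # re-read the store hourly so rotations there propagate
  secretStoreRef:
    name: vault-backend        # SecretStore configured separately (assumed to exist)
    kind: SecretStore
  target:
    name: db-credentials       # Kubernetes Secret the operator creates and keeps in sync
  data:
    - secretKey: password      # key inside the resulting Kubernetes Secret
      remoteRef:
        key: shop/db           # path in the external store (placeholder)
        property: password
---
# 2) RBAC: allow reading that one Secret by name, nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-db-credentials
  namespace: shop
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["db-credentials"]
    verbs: ["get"]             # get only; no list, watch, or write verbs
---
# 3) Bind the Role to the application's service account only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-db-credentials
  namespace: shop
subjects:
  - kind: ServiceAccount
    name: shop-api             # placeholder service account
    namespace: shop
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: read-db-credentials
```

After applying, `kubectl auth can-i get secret/db-credentials -n shop --as=system:serviceaccount:shop:shop-api` should answer `yes`, and the same check for any other secret name or service account should answer `no`.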

Angra is out there whispering in the shadows, and Jack is trying to steal your secrets. Don't let them succeed!


📘 Learn Docker and Kubernetes Security

To learn how legacy systems impact modern container security — and how to modernize safely — check out my book Docker and Kubernetes Security, currently 40% off.

🔗 buy.DockerSecurity.io

💬 Code: BLACKFOREST25

👉 To have the story delivered to your inbox every day in December, subscribe to my Medium publications.
