Overview
Explore the process of protecting sensitive code using encrypted container images on Kubernetes in this 32-minute conference talk by Brandon Lum and Harshal Patil from IBM. Learn about the importance of safeguarding critical algorithms, proprietary code, and highly sensitive content from unencrypted exposure. Discover the end-to-end process of creating encrypted containers during the build process and running them on a Kubernetes cluster using ImageDecryptSecrets. Examine how the Encrypted Images OCI spec enables fine-grained encryption through container image layering. Gain insights into the integration of Image Encryption within the container ecosystem and explore potential innovations in the container DevSecOps pipeline. Delve into topics such as symmetric and asymmetric encryption, OCI spec changes, and encryption on layers. Acquire valuable knowledge on protecting trade secrets and proprietary information in enterprise environments.
Syllabus
Intro
Registry
Scenario
Demo
Thank you
Deep Dive
Symmetric Encryption
Asymmetric Encryption
What we do
The symmetric key
The private key
OCI spec changes
Encryption on layers
Wrap up
Resources needed
Taught by
Linux Foundation