Overview
Explore the newly added native support for secrets in Mesos in this 47-minute conference talk by Vinod Kone from Mesosphere, Inc. Discover how the Secrets API allows Mesos to inject sensitive information into container environments or sandboxes without exposing it to unauthorized actors. Learn about the advantages of this approach, which eliminates the need for explicit storage of sensitive information in task configurations. Understand the "Secrets Resolver" module interface and its integration capabilities with third-party secret stores like HashiCorp's Vault. Gain insights into various use cases, types of secrets, and the architecture behind this feature. Watch a demonstration showcasing secrets in action and explore future developments in this area. Delve into topics such as application secrets, URI hacks, authentication, image pull secrets, environment-based secrets, volume-based secrets, and file-based secrets. Get answers to questions about backup mechanisms, automatic backups, and limitations of the Secret Resolver on the Master.
Syllabus
Intro
What is a secret
How to handle secrets
Use cases for secrets
Application secrets
URI hack
Authentication
Use Cases
Solution
Types of Secrets
Architecture
Image Pull Secrets
Workflow
Environment
Environment Example
Volume Protobuf
Volume-Based Secrets
Executive Based Authentication
File-Based Secrets
Future Work
Acknowledgements
Design Docs
Questions
Backup Mechanism
Automatic Backups
Which bits work with Mesos executor
Using the Secret Resolver on the Master
Secret Resolver Limitations
Taught by
Linux Foundation