With a Kubernetes cluster in place, what would be the alternative way to send configurations/passwords into containers? I know about the secrets way but what I'm looking for is a centralised environment that has the password encrypted, not base64 encoded.
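The concern in the question is that values in a regular Secret manifest are only base64 encoded. The check below is an added example (not part of the original posts and not Kamus or Vault code) that lists every Secret value recoverable from a manifest without any key. The manifest, names and values are constructed samples, and JSON is used instead of YAML so that only the standard library is needed.

```python
import base64
import binascii
import json

# Constructed sample: a manifest list as it might sit in a Git repository.
SAMPLE_MANIFESTS = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"apiVersion": "v1", "kind": "Secret",
         "metadata": {"name": "db-credentials", "namespace": "demo"},
         "data": {"password": base64.b64encode(b"S3cr3t-Passw0rd!").decode()},
         "stringData": {"username": "app"}},
        {"apiVersion": "v1", "kind": "ConfigMap",
         "metadata": {"name": "app-config", "namespace": "demo"},
         "data": {"LOG_LEVEL": "info"}},
    ],
})


def recoverable_secret_values(manifest_json):
    """Return (namespace/name, key, plaintext) for every Secret value that
    anyone with read access to the manifest can recover without a key."""
    doc = json.loads(manifest_json)
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") != "Secret":
            continue
        meta = obj.get("metadata", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        # stringData is stored in the manifest as plain text.
        for key, value in (obj.get("stringData") or {}).items():
            findings.append((ref, key, value))
        # data is base64: an encoding, reversible with no key material.
        for key, value in (obj.get("data") or {}).items():
            try:
                raw = base64.b64decode(value, validate=True)
            except (binascii.Error, ValueError):
                continue  # not valid base64, so not a normal Secret value
            findings.append((ref, key, raw.decode("utf-8", errors="replace")))
    return findings


if __name__ == "__main__":
    for ref, key, plaintext in recoverable_secret_values(SAMPLE_MANIFESTS):
        print(f"{ref}: {key} is readable without a key ({len(plaintext)} chars)")
```

Run as a pre-commit or CI step, a non-empty result means the manifest should not be committed as it stands.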
You could also consider Kamus (and KamusSecret, see at the end):
An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications.
Kamus enables users to easily encrypt secrets that can be decrypted only by the application running on Kubernetes.
The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES).
To learn more about Kamus, check out the blog post and slides.

    helm repo add soluto https://charts.soluto.io
    helm upgrade --install kamus soluto/kamus

Architecture: Kamus has 3 components:
- Encrypt API
The encrypt and decrypt APIs handle encryption and decryption requests. The KMS is a wrapper for various cryptographic solutions. Currently supported:
- AES - uses one key for all secrets
- Azure KeyVault - creates one key per service account.
- Google Cloud KMS - creates one key per service account.
As noted by Omer Levi Hevroni in the comments:
We are not planning to support env vars directly, as there are some security issues with using them.
As an alternative, you can use KamusSecret to create a regular secret and mount it.
KamusSecret works very similarly to the regular secret encryption flow with Kamus.
The encrypted data is represented in a format that is identical to regular Kubernetes Secrets.
Kamus will create an identical secret with the decrypted content.
You should try Vault by HashiCorp.
The key features of Vault are:
Here is an example of using Vault + Kubernetes