Virtual Event
July 30–August 1, 2020
Learn More and Register to Attend This Event

To view the Chinese version of this schedule please go here.

Please note: This schedule is automatically displayed in China Standard Time (CST). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.
Back To Schedule
Friday, July 31 • 20:10 - 20:40
Putting an Invisible Shield on Kubernetes Secrets - Kailun Qin, Ant Group

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
K8S secrets are widely applied in production to keep sensitive information managed in store. The integration to a KMS even with hardware-based plugins does enhance the protection but is far from enough, especially for financial-grade security requirements. Lacking of an end-to-end secret hardening solution, the attack surface remains largely unprotected from the threats within the other key elements/flows in a K8S cluster.
With a convergence of Trusted Execution Environment (TEE) and enhanced authentication, this session explores an answer to guard K8S secrets while in use, at rest, and in transit. Changes are made for kubectl, K8S master and node to guarantee the availability but confidentiality of secrets. The TEE transparency to both developers and users will be elaborated and showcased with a demo. Finally, the practice experience at Alibaba and the KEP to community will be shared.

avatar for Kailun Qin

Kailun Qin

Senior Software Engineer, Ant Group
Kailun Qin is a Senior Software Engineer of the Trust-Native Tech Team at Ant Group, with a focus on trusted computing and cloud security etc. Since 2018 Kailun has been working on cloud and edge related open source technologies such as OpenStack, Kubernetes, StarlingX, Akraino, ONAP... Read More →

Friday July 31, 2020 20:10 - 20:40 CST
Virtual Room 4