We are looking at GitOps for our Kubernetes clusters. By making Git the "single source of truth," what are the specific security risks we need to mitigate regarding secret management and repository access control?
3 answers
The biggest risk in GitOps is accidentally committing plain-text secrets to your repository. In a DevOps workflow, you should use tools like Sealed Secrets or integration with a Vault (like HashiCorp Vault) to ensure that only encrypted data lives in Git. ArgoCD or Flux then decrypts these at runtime within the cluster. Additionally, your Git repository becomes the "keys to the kingdom," so you must enforce strict branch protection, mandatory PR reviews, and multi-factor authentication for every developer with write access.
Do you recommend a "push-based" or "pull-based" approach when it comes to keeping your cluster synchronized with the Git repository for maximum security?
You should also look into OPA (Open Policy Agent) to enforce policies on what can actually be deployed, preventing unauthorized resource types from entering the cluster.
Great point, Jean. Policy as Code is the next logical step for any mature DevOps team using GitOps to ensure compliance and security standards are met.
Pull-based is generally more secure for DevOps, Harold. With a pull-based tool like ArgoCD, the agent stays inside your cluster and reaches out to Git. This means you don't have to open your firewall to allow external CI tools to "push" changes into your cluster, which significantly reduces your attack surface.