Berglas: a painless way to manage secrets in Google Kubernetes Engine

Project A Tech Insights
Published in Project A Insights · 11 min read · Jun 15, 2020

When deploying complex SaaS platforms, secrets can quickly become the bane of one’s existence. I once wrote about how we ran out of space for our environment variables (in Elastic Beanstalk) because we had so many API keys and secrets. But those were the bad old days.

Things got better after we discovered Berglas. It’s an open-source tool that interfaces with Google Cloud services while at the same time abstracting away all the complexity. Under the hood, it uses the Key Management Service (KMS) to encrypt secrets and Storage Buckets to store them. Alternatively, it can also use the new Google Secret Manager, but I’ll get to that later.

It’s secure. It’s simple. It’s easy to use. I’m going to show you exactly how easy in a minute.

After that, I’ll briefly talk about the other options and why we’re not keen on them — these are options such as:

  • Kubernetes Secrets: The built-in Kubernetes solution has a number of drawbacks.
  • Third-party tools like Vault: Powerful but…

Stories from the European startup scene. Led by Stephan Schulze, our Tech team supports portfolio companies with all things software. insights.project-a.com