https://sched.co/GrZi In recent headlines, there are increasing news about cloud resources getting hacked caused by attacks on Kubernetes clusters. Failing to properly secure your Kubernetes data can result in cloud resources getting hacked and your application secrets getting stolen. The etcd database contains information that may grant an attacker significant visibility into the state of your cluster. This presentation focuses on how to use the encryption at rest with Key Management Service feature to encrypt secret resources in etcd, and for secret data stored outside of Kubernetes, how we can mount them into our containers using key vault flexvolume and how we can restrict access to them using pod identity.