Jun 16, 2026
Kubernetes security and operations often fail in the uncomfortable space between what looks risky and what teams are actually willing to change in production.
Valentin I explains how he thinks about safer production changes, why quantum-safe encryption matters in Kubernetes-connected environments, and why Kubernetes secrets should never be treated as sufficient protection on their own.
Bart Farrell: Who are you, what's your role, and where do you work?
Valentin I: Hi, I'm Valentin. I work as a Senior Software Engineer at SSH. In my team, which is Privex, we do software that manages secure access to your privileged hosts. One of our deployment targets that we give to our customers is Kubernetes. As such, our presence at this event.
Bart Farrell: A Kubernetes setting can look wrong but still feel risky to change once it is already in production. Requests, limits, auto-scaling, or probes. What would you tell a team that sees the problem, but is nervous the fix could cause an outage?
Valentin I: this is a horrible situation to find yourself in and there will be many solutions from the technological point of view, but I would personally prefer to not even get to this position. it would be important to actually have team processes and something that is always documented so that you have the string of things that would happen. In our case, if the Kubernetes access would actually be mediated by our product, you would be able to actually monitor the whole stream of accesses and everything that was changed previously in Kubernetes.
Bart Farrell: For people that are total beginners to quantum safe encryption in a Kubernetes context, what problem are you trying to solve?
Valentin I: That would be a separate product that SSH offers, which would make sure that the physical connection actually is quantum and encrypted between two different sites of your company. In this case, it would be towards wherever you have your server rack with the Kubernetes clusters and wherever the main point of main office that you would connect to. we are very close to the cusp of the quantum storm, as researchers call it right now, and it would be very useful to be prepared to have the change of your communication to go on post. on quantum-safe algorithms. In our case, that would come with the hardware also.
Bart Farrell: Now, there's been a bit of gossip recently in the Kubernetes ecosystem around secrets. Are we finally done pretending Kubernetes secrets are enough?
Valentin I: Kubernetes secrets were never enough, and as in SSH, we care most about the security of your secrets. It's something that whenever a newcomer in our team asks, we are always do not trust that. Although it's called secret, it was never meant to be so. You need to vault that and you should choose a solution that fits your environment or your organization.
