Why Kubernetes Secrets Were Never Enough

Why Kubernetes Secrets Were Never Enough

Jun 16, 2026

Guest:

  • Valentin I

Kubernetes security and operations can be challenging, especially when teams worry about making changes that might seem risky. This interview is for teams who want to boost security and reliability without making their production systems more fragile.

Valentin I. talks about how safer changes in production rely on good processes and clear records. He also explains why quantum-safe encryption is important for Kubernetes environments, and why Kubernetes secrets alone are not enough to keep things secure.

In this interview:

  • How having clear workflows, traceability, and visibility can make fixing issues in production safer

  • Why quantum-safe encryption matters before cryptographic migration becomes urgent

  • Why relying only on Kubernetes secrets is not enough for strong secret management

The conversation covers how to keep Kubernetes secure, why you need better processes, stronger assumptions, and tighter security controls than those that come by default.

Subscribe to KubeFM Weekly

Get the latest Kubernetes videos delivered to your inbox every week.

or subscribe via

Transcription

Bart Farrell: Who are you, what's your role, and where do you work?

Valentin I: Hi, I'm Valentin. I work as a Senior Software Engineer at SSH. In my team, which is Privex, we do software that manages secure access to your privileged hosts. One of our deployment targets that we give to our customers is Kubernetes. As such, our presence at this event.

Bart Farrell: A Kubernetes setting can look wrong but still feel risky to change once it is already in production. Requests, limits, auto-scaling, or probes. What would you tell a team that sees the problem, but is nervous the fix could cause an outage?

Valentin I: this is a horrible situation to find yourself in and there will be many solutions from the technological point of view, but I would personally prefer to not even get to this position. it would be important to actually have team processes and something that is always documented so that you have the string of things that would happen. In our case, if the Kubernetes access would actually be mediated by our product, you would be able to actually monitor the whole stream of accesses and everything that was changed previously in Kubernetes.

Bart Farrell: For people that are total beginners to quantum safe encryption in a Kubernetes context, what problem are you trying to solve?

Valentin I: That would be a separate product that SSH offers, which would make sure that the physical connection actually is quantum and encrypted between two different sites of your company. In this case, it would be towards wherever you have your server rack with the Kubernetes clusters and wherever the main point of main office that you would connect to. we are very close to the cusp of the quantum storm, as researchers call it right now, and it would be very useful to be prepared to have the change of your communication to go on post. on quantum-safe algorithms. In our case, that would come with the hardware also.

Bart Farrell: Now, there's been a bit of gossip recently in the Kubernetes ecosystem around secrets. Are we finally done pretending Kubernetes secrets are enough?

Valentin I: Kubernetes secrets were never enough, and as in SSH, we care most about the security of your secrets. It's something that whenever a newcomer in our team asks, we are always do not trust that. Although it's called secret, it was never meant to be so. You need to vault that and you should choose a solution that fits your environment or your organization.

Subscribe to KubeFM Weekly

Get the latest Kubernetes videos delivered to your inbox every week.

or subscribe via