Secrets management in Kubernetes: A decision framework for platform teams

Most platform teams do not choose a secrets management strategy; they accumulate one. A tool here, a workaround there, until they are running five different solutions with no clear ownership or audit trail.

This talk cuts through the noise. It begins by explaining why Kubernetes-native secrets fall short at scale, then introduces the two paradigms every team eventually chooses between: keeping Kubernetes as the source of truth or treating an external system like Vault or Infisical as the authority.

From there, it walks through six practical evaluation dimensions: rotation, auditability, incident response, multi-cluster governance, developer experience, and blast radius. Attendees will leave with a framework for auditing their current setup, identifying gaps, and making a deliberate choice that scales.