Symposium sur la sécurité des technologies de l'information et des communications

Argo CD is a tool designed to manage Continuous Deployment pipelines between code repositories and Kubernetes clusters. As it is granted important privileges (it runs by default as cluster administrator), it is important to ensure it is deployed in a secure way. It heavily relies on standard Kubernetes objects and store sensitive values in Kubernetes Secrets. What happens when the content of these Secrets is compromised? This question is all the more important when a security incident happens.

This article presents how Argo CD uses its Kubernetes Secrets and provides some recommendations to help ensuring the security.