Protecting Sensitive Code with Encrypted Container Images on Kubernetes
Many enterprises are driven by trade secrets in their code - whether it is a proprietary AI model, or a secret high frequency trading strategy. It is of utmost importance that critical algorithms, pro …
| Talk Title | Protecting Sensitive Code with Encrypted Container Images on Kubernetes |
| Speakers | Harshal Patil (Advisory Systems Software Engineer, IBM), Brandon Lum (Senior Software Engineer, IBM) |
| Conference | KubeCon + CloudNativeCon |
| Conf Tag | |
| Location | Shanghai, China |
| Date | Jun 23-26, 2019 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
Many enterprises are driven by trade secrets in their code - whether it is a proprietary AI model, or a secret high frequency trading strategy. It is of utmost importance that critical algorithms, proprietary code, or other content that is highly sensitive have minimum exposure unencrypted. In this talk, we will show the end-to-end process of how users can create an encrypted container during the build process, to running encrypted container images on a Kubernetes cluster with the proposed ImageDecryptSecrets. We will show how the Encrypted Images OCI spec allows fine-grained encryption through leveraging layering of container images. Finally, we will talk about how Image Encryption will integrate into the container ecosystem, and talk about several possibilities for innovation in the container DevSecOps pipeline.
