Security Practices

[nikhiljha]

As of right now, the cluster protects basically no secret data. Probably the most valuable thing would be a TLS cert, but even that's not very valuable (easy to revoke).

With this cluster we should be able to detect when something is fishy, maybe with

• Falco - "Cloud-Native runtime security"

We should also...

• re-review the Vault security guidelines on Hashicorp's website
• review the Kubernetes security guidelines on k8s.io
• do a quick look through what's deployed and make sure there are no obvious holes