How to store kubeconfig in your repo

security

#1

I’m deploying using Kubernetes. I want to put the kubeconfig file into my build, but as my repository is public, it would be a security risk. I’ve encrypted it using gpg, and it’s decrypted using a secret environment variable.

Is this safe?


#2

This seems like the best approach. As an additional measure I would also make sure that your GPG key has a passphrase (and store that as an ENVAR as well).

Of course, I would also use a specific key for this project and not have it shared for any other purpose.


#3