Show HN: Kloak, A secret manager that keeps K8s workload away from secrets
Kloak is a Kubernetes-native secret manager that uses eBPF to intercept HTTPS traffic and inject secrets at the network edge, so applications never directly handle sensitive credentials. Because hashed placeholders are replaced with real secrets only when needed, a compromised process cannot access or leak them. The solution requires no code changes and operates transparently within K8s environments.
- Kloak uses eBPF to intercept HTTPS traffic in Kubernetes and inject secrets at the network edge.
- Applications receive secrets without ever storing or directly accessing them.
- The system replaces hashed placeholders with real credentials during runtime.
- No code changes are required to integrate Kloak with existing K8s workloads.
- Kloak enhances security by ensuring compromised processes cannot leak secrets they never possessed.
Kloak transparently intercepts HTTPS traffic in Kubernetes using pure eBPF, replacing hashed placeholders with real secrets at the network edge. Your applications never see the actual credentials, so a compromised process cannot leak what it never had.
eBPF Powered, Zero Code Changes, K8s Native
This excerpt is published under fair use for community discussion. Read the full article at Getkloak.