MireCloud Homelab Series — Part 8

May 8, 2026 · Emmanuel Steven Catin · 12 min read

Kubernetes HashiCorp Vault Cilium Tetragon DevSecOps Zero Trust

TL;DR — Vault dynamic secrets give every pod a unique, time-limited PostgreSQL credential that rotates automatically every 5 minutes — without restarting the pod, without touching the application. That credential is gone before an attacker can do anything with it. And yet, an attacker with a shell inside the pod can read the current one in under a second. This article proves the gap on a live cluster, then closes it at the kernel level.

Where We Left Off

Part 7 was about proving, with raw bytes from etcdctl, that the industry-default Kubernetes setup stores every secret as plaintext on disk — and then closing that gap with two controls: Encryption at Rest — defeated the adversary who steals a disk or exfiltra...
Welcome to Emmanuel Steven's Blog! 🎯 Passionate about IT and new technologies, I share my expertise in DevOps, cloud infrastructure (AWS, Azure, Kubernetes), data analysis tools, and more. Whether you're a beginner or an experienced professional, this blog offers valuable resources to enhance your skills and optimize your projects.