https://clusternotes.io/blog Notes from a cloud-native engineering journey — Kubernetes, observability, GitOps, Azure, AWS. Practical lessons, hands-on experiments, and how the pieces actually fit together. en-us kozlowski.softnet@gmail.com (Krzysztof Kozłowski) kozlowski.softnet@gmail.com (Krzysztof Kozłowski) Thu, 14 May 2026 00:00:00 GMT https://clusternotes.io/blog/zero-secrets-azure-workload-identity https://clusternotes.io/blog/zero-secrets-azure-workload-identity Kubernetes Secrets are base64, not encrypted. Here is the full path I use to keep zero secret material inside the cluster — Workload Identity federates a pod to a managed identity, External Secrets Operator pulls live values from Key Vault. Terraform, manifests, pitfalls, all of it. Thu, 14 May 2026 00:00:00 GMT kozlowski.softnet@gmail.com (Krzysztof Kozłowski) azurekubernetessecurity