Skip to content
~/jwright▮
AboutSkillsProjectsBlogContact

#Tag

Posts tagged “secrets”

← All posts

  1. SECURITY SERIES · 0128 June 2026·3 min read

    The first secret is the one you can't commit

    Secrets management has a bootstrap paradox: the credential that pulls every other secret can't itself live in git. Here's how a homelab fleet breaks the cycle — zero plaintext secrets in any repo, and a clean rule for which is the one exception.

    • security
    • gitops
    • secrets
    • kubernetes
    • external-secrets
jonny@bztmon:~ · session receipt✓ Synced · Healthy

$ whoami

Jonathon Wright— Platform & Infrastructure Engineer

$ traceroute www.bztmon.com

served from a homelab Kubernetes cluster, over an encrypted tunnel

$ git log -1 --format=receipt

HEAD ac333e2· built 2026-07-14 08:44Z· reconciled by ArgoCD

$ contact --priority low-ms

ping me on LinkedIn or email — everything else is best-effort delivery.

$

© 2026 Jonathon Wright·CC BY-NC-SA 4.0·built with Astro, shipped via GitOps