Introducing Kubermatic SecureGuard: Open, Kubernetes-Native Secrets Management

Today, we are excited to introduce a new open-source secrets management platform for Kubernetes and cloud-native environments: Kubermatic SecureGuard (KubeSG).

Why we created Kubermatic SecureGuard

Every modern platform runs on secrets: API keys, database credentials, certificates, and tokens. They unlock production systems, customer data, and AI workloads, but they are also one of the most common ways into your infrastructure.

As organizations scale, secrets often become fragmented across clusters, tools, and environments. And while 72% of teams say secrets management helps prevent breaches, more than half still do not have a secure solution in place. Nearly one in four developers has already experienced a breach caused by compromised credentials.

We believe managing secrets should be simple, transparent, and native to Kubernetes. Teams should focus on shipping workloads, not on tickets and manual rotations.

What is Kubermatic SecureGuard?

KubeSG is a self-hosted, open-source secrets management platform built on OpenBao and integrated with the External Secrets Operator (ESO).

It lets security teams define access rules in one central place while applications receive only the secrets they need, directly inside their environments. This keeps access secure while making it easier for teams to work with secrets as part of their normal Kubernetes workflows.

Kubermatic SecureGuard is built entirely on open-source components and maintained in the open. Its security model is transparent, auditable, and free from restrictive licensing.

How Kubermatic SecureGuard works

KubeSG brings a few smart tools together to make secrets easy to manage. Its OpenBao Core keeps secrets encrypted and logs every access. Using ESO, secrets are synced straight into Kubernetes, so developers can work with standard Secret objects without learning new tools. Passwords and API keys rotate automatically without restarting applications, and the system handles startup and lifecycle management across clouds. KubeSG also supports multiple vaults and storage backends, letting teams use the tools that fit their environment.

Reach out to us!

Get in touch with us to learn more about Kubermatic SecureGuard.

To stay in the loop, keep an eye on the Kubermatic GitHub repository and join the Kubermatic community Slack. We’re planning many exciting features!

Gergely Bräutigam

Cloud Engineer
