Polycrate IaC: Security in IaC Pipelines and Secrets Management
TL;DR Securing IaC pipelines requires integrated secrets management, clear access control, and …
With version 0.29.1, Polycrate receives an important maintenance release with an Ansible upgrade for kubernetes.core compatibility.
Upgrade from Python 3.11 to 3.12 and Ansible 10.7.0 to 13.2.0 to access modern Ansible modules.
| Component | Old | New |
|---|---|---|
| Python | 3.11 | 3.12 |
| Ansible | 10.7.0 | 13.2.0 |
| ansible-core | 2.17.x | 2.20.1 |
| kubernetes.core | ~3.x-5.x | >= 6.1.0 |
Background: The take_ownership parameter for kubernetes.core.helm was added in version 6.1.0. This allows the takeover of existing Kubernetes resources during Helm upgrades.
# Now supported:
- name: Install with Helm
kubernetes.core.helm:
name: my-release
chart_ref: oci://registry/chart
take_ownership: true # NEW in kubernetes.core 6.1.0+The registry stanza from secrets.poly is now correctly merged into the workspace configuration.
Problem: Previously, registry credentials in secrets.poly were ignored.
Solution: Public settings in workspace.poly are combined with encrypted credentials from secrets.poly:
# workspace.poly (public)
registry:
endpoint: "cargo.ayedo.cloud"# secrets.poly (encrypted)
registry:
username: "robot+my-user"
password: "super-secret-token"→ Workspace Encryption Documentation
No migration required.
secrets.poly files with registry stanza are now processed correctlypolycrate update 0.29.1Or download the binaries directly from PolyHub.
Polycrate is ayedo’s Infrastructure-as-Code tool for declarative multi-cluster management. Learn more →
TL;DR Securing IaC pipelines requires integrated secrets management, clear access control, and …
TL;DR Polycrate platform operations require security-by-design, comprehensive audit logging, and …
TL;DR Reusability is achieved through modular templates, clear interfaces, and Policy-as-Code. …