Hi guys, nice article (hands down)! There is only one inaccuracy that perhaps you guys would want to know.

When you guys say:

> Why do we need another solution? First of all, Kubernetes secrets are base64 encoded, not encrypted.

That can be rather misleading as it can lead people to believe that Kubernetes doesn’t encrypt secrets at all which isn’t the case. You can set up your k8s cluster using ``` — encryption-provider-config``` which allows you to choose among many providers using all sorts of encryption methods (the list keeps growing). https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#configuration-and-determining-whether-encryption-at-rest-is-already-enabled

I get that you guys are referring specifically to secrets stored on YAML files (as you guys plan to have it committed to your git repo) but if you could emphasise that this is the case you’re talking about that would be great! :)(and subsequently, avoid future visitors from getting confused with the subject)

Again, you guys did an extraordinary job. Keep up with the good work mates!