Adopting GitOps for Kubernetes provides a single source of truth for cluster configuration and enables facilities like peer reviews and automated rollbacks. While many organizations store their Kubernetes configurations in git, Kubernetes Secrets are often managed via bespoke implementations outside of source control. Storing plaintext secrets in source, even in private repositories, is a horrible idea, but can we meet somewhere in the middle? In this session, attendees will learn how to securely store and manage Kubernetes Secrets in source control using Javascript Object Signing and Encryption (JOSE) and a Key Management Service (KMS). After this talk, attendees will be able to securely store and manage their Kubernetes Secrets in source the same way they manage their existing Kubernetes configurations.