GitOps security practices address the unique security considerations of using Git as the single source of truth for infrastructure and application deployments. They cover securing the Git repositories, the reconciliation operators, and the declarative state that defines production environments.
GitOps tools like ArgoCD and Flux continuously reconcile cluster state against Git repository definitions. Security starts with repository access controls: branch protection, required reviews, signed commits, and CODEOWNERS files restricting who can modify critical paths. ArgoCD security includes RBAC for project and application access, SSO integration for authentication, and network policies restricting the ArgoCD server. Repository credentials are managed through Kubernetes Secrets with encryption at rest. Application-level security uses ArgoCD AppProjects to restrict which repositories, clusters, and namespaces each team can target. Drift detection alerts when manual changes diverge from Git state. Secret management avoids storing secrets in Git using Sealed Secrets, SOPS, or External Secrets Operator. Webhook security validates signatures on Git push events that trigger reconciliation. Audit logging tracks every sync operation and who approved changes through Git history.
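As an added example (not from this page or from CDA), the following ArgoCD AppProject manifest applies several of the controls described above in one place: a single allowed source repository, a single allowed cluster and namespace, no cluster-scoped resources, a blacklist of namespace-level objects that would widen access, required commit signatures, orphaned-resource warnings for drift, and a sync-only project role. The team name, repository URL, GPG key ID and SSO group are placeholders.

```yaml
# Added example, not ArgoCD's or CDA's own manifest; names and IDs are placeholders.
# For contrast, ArgoCD's built-in "default" project is fully permissive:
#   sourceRepos: ['*']; destinations: server '*' / namespace '*';
#   clusterResourceWhitelist: group '*' / kind '*'.
# An Application in that project may deploy anything from anywhere to any cluster.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: team-payments            # placeholder team name
  namespace: argocd
spec:
  description: Payments team workloads only
  # Only this repository may be used as a source.
  sourceRepos:
    - https://git.example.com/payments/deploy.git   # placeholder URL
  # Only this cluster/namespace pair may be a target.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: payments
  # Empty whitelist: no cluster-scoped resources (ClusterRoles, CRDs,
  # Namespaces) can be created through this project.
  clusterResourceWhitelist: []
  # Even inside the namespace, forbid objects that would widen access.
  namespaceResourceBlacklist:
    - group: ''
      kind: ResourceQuota
    - group: ''
      kind: LimitRange
    - group: rbac.authorization.k8s.io
      kind: Role
    - group: rbac.authorization.k8s.io
      kind: RoleBinding
  # Sync only commits signed by a GPG key already imported into ArgoCD.
  signatureKeys:
    - keyID: 0123456789ABCDEF   # placeholder key ID
  # Surface drift: warn on resources in the namespace that Git does not declare.
  orphanedResources:
    warn: true
  # Project role: members may view and sync, but not delete or override.
  roles:
    - name: deployer
      description: Sync-only access for the payments team
      policies:
        - p, proj:team-payments:deployer, applications, get, team-payments/*, allow
        - p, proj:team-payments:deployer, applications, sync, team-payments/*, allow
      groups:
        - payments-team   # placeholder SSO group
```

Applications assigned to this project must still reference it via `spec.project: team-payments`; an Application left in the `default` project inherits none of these restrictions.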
GitOps concentrates deployment authority in Git repositories. Compromise of a GitOps repository means an attacker can modify production infrastructure through a simple pull request. The reconciliation operator has broad cluster permissions to apply any manifest. Without proper security controls, GitOps merely trades command-line access for Git access, changing the attack vector without reducing risk.
CDA maps GitOps security to the SPH (Security Posture and Hygiene) and IAT domains. Our missions secure ArgoCD deployments, implement multi-layer approval workflows, and establish repository governance that maintains the security benefits of declarative infrastructure.