[{"data":1,"prerenderedAt":31},["ShallowReactive",2],{"post-data-product-update-post-quantum-cryptography-meets-1s-kubernetes-syncs":3},{"post":4,"relatedPosts":20},{"id":5,"title":6,"content":7,"hashtags":8,"coverImage":16,"createdAt":17,"seoTitle":18,"seoDescription":19},"33xGeSkNy3pvkTFqqXJ4","Product Update:  Post-Quantum Cryptography meets \u003C1s Kubernetes Syncs","\u003Cdiv class=\"header\"> \u003C\u002Fdiv>\n\u003Cdiv class=\"content\">\n\u003Cdiv class=\"intro\">Engineering teams are actively seeking alternatives to the operational complexity of legacy enterprise vaults and the limitations of consumer-grade tools. We built the upgrade. Engineered to eliminate unencrypted YAMLs and legacy password managers, Ennote Security delivers a true zero-persistence architecture. Whether you are migrating from HashiCorp Vault, replacing 1Password, or securing native Kubernetes workloads, here is how \u003Cstrong>The Identity-Driven Secret Manager\u003C\u002Fstrong> bridges the gap between identity and infrastructure.\u003C\u002Fdiv>\n\u003Cdiv class=\"feature-block\">\u003Cimg class=\"img-placeholder\" src=\"https:\u002F\u002Fmedia.ennote.io\u002Fagent\u002Fagent-overview.svg\" alt=\"Kubernetes Smart Agent Overview\">\n\u003Ch2 class=\"feature-title\">Kubernetes Smart Agent: <1s Synchronization without the Overhead\u003C\u002Fh2>\n\u003Cdiv class=\"feature-desc\">\n\u003Cdiv class=\"feature-desc\">\u003Cstrong>Bypass the operational overhead of HashiCorp Vault and proprietary SDKs.\u003C\u002Fstrong> Our lightweight, Helm-deployed agent establishes an outbound-only gRPC stream for real-time updates directly to native Kubernetes resources.\n\u003Cul>\n\u003Cli>\u003Cstrong>Zero Network Friction:\u003C\u002Fstrong> No inbound ports, webhooks, or open firewall rules required.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero Code Changes:\u003C\u002Fstrong> Applications consume secrets via standard \u003Ccode>envFrom\u003C\u002Fcode> variables.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-Rollout:\u003C\u002Fstrong> By adding the restart annotation, the agent automatically rotates pods the millisecond secrets change in your Ennote dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fdiv>\n\u003C\u002Fdiv>\n\u003Ca class=\"feature-link\" href=\"https:\u002F\u002Fennote.io\u002Fagent?utm_source=social&utm_medium=post&utm_campaign=product_update_may_2026\">View Agent Documentation ↗\u003C\u002Fa>\u003C\u002Fdiv>\n\u003Cdiv class=\"divider\"> \u003C\u002Fdiv>\n\u003Cdiv class=\"feature-block\">\u003Cimg class=\"img-placeholder\" src=\"https:\u002F\u002Fmedia.ennote.io\u002Fog-image.png\" alt=\"Zero Persistence Cryptography Architecture\">\n\u003Ch2 class=\"feature-title\">Transparent, Zero-Persistence Cryptography\u003C\u002Fh2>\n\u003Cdiv class=\"feature-desc\">When evaluating an enterprise secrets manager, \u003Cstrong>the fundamental security question is not just how data is encrypted, but where and for how long the plaintext keys exist\u003C\u002Fstrong>.\n\u003Cul>\n\u003Cli>\u003Cstrong>Volatile Memory Only:\u003C\u002Fstrong> Plaintext keys exist only in RAM for the milliseconds a cryptographic operation occurs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Absolute Zero Persistence:\u003C\u002Fstrong> At no point are plaintext DEKs written to disk, logs, or persistent storage.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Quantum Ready:\u003C\u002Fstrong> All data is encrypted via Client-Side AES-256-GCM, enveloped by NIST-standard CRYSTALS-Kyber (Kyber-1024) to protect against \"harvest-now-decrypt-later\" attacks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fdiv>\n\u003Ca class=\"feature-link\" href=\"https:\u002F\u002Fennote.io\u002Fblog\u002Fthe-identity-driven-cryptography-behind-ennote-s-zero-persistence-vault?utm_source=social&utm_medium=post&utm_campaign=product_update_may_2026\">Read the Engineering Deep-Dive ↗\u003C\u002Fa>\u003C\u002Fdiv>\n\u003Cdiv class=\"divider\"> \u003C\u002Fdiv>\n\u003Cdiv class=\"feature-block\">\u003Cimg class=\"img-placeholder\" src=\"https:\u002F\u002Fmedia.ennote.io\u002Fnews\u002Faws-kms-m.jpeg\" alt=\"AWS KMS BYOK Integration\">\n\u003Ch2 class=\"feature-title\">Enterprise Sovereign Control: AWS KMS Integration (BYOK)\u003C\u002Fh2>\n\u003Cp class=\"feature-desc\">Take sovereign control over your organization's cryptography. Expanding on our existing Google Cloud KMS capabilities, Ennote’s Bring Your Own Key (BYOK) architecture now allows you to \u003Cstrong>connect your own AWS KMS\u003C\u002Fstrong> to envelope our Internal KMS keys. By wrapping our internal infrastructure with your key, you maintain absolute cryptographic authority, allowing you to instantly revoke access to your data if a breach is suspected.\u003C\u002Fp>\n\u003Ca class=\"feature-link\" href=\"https:\u002F\u002Fennote.io\u002Fsecurity?utm_source=social&utm_medium=post&utm_campaign=product_update_may_2026\">Learn about BYOK Architecture ↗\u003C\u002Fa>\u003C\u002Fdiv>\n\u003Cdiv class=\"divider\"> \u003C\u002Fdiv>\n\u003Cdiv class=\"feature-block\">\u003Cimg class=\"img-placeholder\" src=\"https:\u002F\u002Fmedia.ennote.io\u002Fdocs\u002Fsecret\u002Fsecret-overview.png\" alt=\"Ennote Identity-Driven Interface\">\n\u003Ch2 class=\"feature-title\">A Lightning-Fast, Identity-Driven Interface\u003C\u002Fh2>\n\u003Cp class=\"feature-desc\">We’ve completely refreshed the Ennote Web UI, specifically designed for engineering workflows. \u003Cstrong>Natively integrated with your SSO and RBAC\u003C\u002Fstrong>, it’s easier than ever to manage team passwords, API keys, and access controls with a complete chain of custody alongside your infrastructure.\u003C\u002Fp>\n\u003Ca class=\"feature-link\" href=\"https:\u002F\u002Fapp.ennote.io?utm_source=social&utm_medium=post&utm_campaign=product_update_may_2026\">Sign In to See What's New ↗\u003C\u002Fa>\u003C\u002Fdiv>\n\u003Cdiv class=\"divider\"> \u003C\u002Fdiv>\n\u003Cdiv class=\"bottom-links\">\u003Ca href=\"https:\u002F\u002Fapp.ennote.io?utm_source=social&utm_medium=post&utm_campaign=product_update_may_2026\">Start Using\u003C\u002Fa>  |  \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fgroups\u002F17605037\u002F\">Join Community Group\u003C\u002Fa>  |  \u003Ca href=\"https:\u002F\u002Fennote.io\u002Fcontact\u002F?utm_source=social&utm_medium=post&utm_campaign=product_update_may_2026\">Talk to an Architect\u003C\u002Fa>\u003C\u002Fdiv>\n\u003C\u002Fdiv>\n\u003Cp> \u003C\u002Fp>",[9,10,11,12,13,14,15],"cybersecurity","devops","kubernetes","infosec","cloudsecurity","softwareengineering","secretmanagement","https:\u002F\u002Ffirebasestorage.googleapis.com\u002Fv0\u002Fb\u002Fblog-01-c712e.firebasestorage.app\u002Fo\u002Fblog-covers%2F1779861206663_Gemini_Generated_Image_ghqtxxghqtxxghqt.png?alt=media&token=76222004-7015-4960-a8e1-29083eeb4ff9",1779860130922,"Ennote Security: Enterprise Secret Management & BYOK","Upgrade from legacy vaults with Ennote. Featuring zero-persistence architecture, Kubernetes-native sync, and AWS KMS integration for superior security.",[21,26],{"title":22,"slug":23,"coverImage":24,"createdAt":25},"HashiCorp Vault vs. Infisical vs. Ennote: The Future of Kubernetes Secret Management","hashicorp-vault-vs-infisical-vs-ennote-the-future-of-kubernetes-secret-management","https:\u002F\u002Ffirebasestorage.googleapis.com\u002Fv0\u002Fb\u002Fblog-01-c712e.firebasestorage.app\u002Fo\u002Fblog-covers%2F1777266422787_wmremove-transformed%20(3).png?alt=media&token=fe8c588f-9c3e-4dbe-801b-b3fe5f314dd0",1777266425973,{"title":27,"slug":28,"coverImage":29,"createdAt":30},"5 Risky Ways Your Team Shares Secrets (And How to Stop Them)","5-risky-ways-your-team-shares-secrets-and-how-to-stop-them","https:\u002F\u002Ffirebasestorage.googleapis.com\u002Fv0\u002Fb\u002Fblog-01-c712e.firebasestorage.app\u002Fo\u002Fblog-covers%2F1777090988952_leaking-secrets.png?alt=media&token=8a6ada1e-2345-4254-8f36-250bbab97117",1777090991652,1779861297751]