
Kubernetes Secrets Handbook

Emmanouil Gkatziouras
Kubernetes Secrets Handbook
Copyright © 2024 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or
transmitted in any form or by any means, without the prior written permission of the publisher,
except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information
presented. However, the information contained in this book is sold without warranty, either express or
implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable
for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and
products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot
guarantee the accuracy of this information.

Group Product Manager: Preet Ahuja

Publishing Product Manager: Suwarna Rajput

Senior Editor: Arun Nadar

Technical Editor: Irfa Ansari

Copy Editor: Safis Editing

Project Coordinator: Uma Devi

Proofreader: Safis Editing

Indexer: Tejal Daruwale Soni

Production Designer: Shankar Kalbhor

Marketing Coordinator: Rohan Dobhal

First published: January 2024


Production reference: 1120124

Published by

Packt Publishing Ltd.

Grosvenor House

11 St Paul’s Square

Birmingham

B3 1RB

ISBN 978-1-80512-322-4

www.packtpub.com
To my father. A mentor for life and the best teacher I had. At every milestone reached, you have
your own share of credit.
– Emmanouil Gkatziouras
To my grandmother for her kindness, my grandfather for his wisdom, and my partner and best
friend, Mercedes Adams, for her love, patience, and continuous support.
– Rom Adams
To my wife. A beacon of love and strength in my life. Your support and care have shaped every
success I’ve achieved. In every moment, your presence is a blessing beyond measure.
– Chen Xi

Foreword
In today’s digital landscape, the orchestration of containers has revolutionized how we build, deploy,
manage, monitor, and scale cloud-native applications. Among the myriad tools available, Kubernetes
has emerged as the de facto platform for container orchestration, empowering teams to streamline
development and deployment processes like never before.

However, as we venture deeper into this realm of agility and efficiency, the critical aspect of security
often becomes a concern relegated to the background. The management of Secrets – those sensitive
pieces of information ranging from credentials, API keys, and other sensitive data – is a paramount
challenge to organizations. Mismanagement of these Secrets can lead to substantial cyberattacks that
jeopardize not just an organization’s data but also its reputation and trust. Even the accidental
mismanagement of Secrets, such as Secrets being mistakenly stored in a code repository such as
GitHub, can greatly increase the attack vector on both Kubernetes platforms and the applications that
they host.

This book stands as a beacon in the sea of Kubernetes knowledge, guiding practitioners and
enthusiasts alike through the intricate landscape of security and Secrets management within
Kubernetes. It is a comprehensive guide that not only illuminates the potential vulnerabilities but also
offers robust strategies and best practices to fortify your cloud-native applications and Kubernetes
platforms.

With a meticulous approach, the authors delve into the core concepts of Kubernetes security,
dissecting every layer of its architecture to unveil potential vulnerabilities and common pitfalls.
Furthermore, they navigate the complex terrain of Secrets management, presenting battle-tested
methodologies and tools to safeguard these invaluable assets.

From encryption in transit and encryption at rest to Secrets integration with CI/CD pipelines and
mechanisms for identity and access management, this book thoroughly details the arsenal of security
features Kubernetes offers, empowering you to craft and deliver a robust security strategy. It will arm
you with practical insights and real-world examples, providing a hands-on approach to managing
your Kubernetes Secrets against ever-evolving cyber threats.

As cloud-native application development continues its rapid evolution, the importance of securing
our digital environments and artifacts cannot be overstated. This book is an indispensable companion,
a guiding light for anyone navigating the Kubernetes ecosystem, ensuring that security and Secrets
management remain at the forefront of their endeavors. It will cover Secrets management across
multiple cloud providers and secure integration with other third-party vendors.

Prepare to embark on a journey that not only enhances your knowledge but also empowers you to
fortify the foundation of your digital endeavors. When it comes to Kubernetes Secrets management,
security should be built in, not bolt-on, and this book will arm you with the tools, techniques, and
processes to ensure that your Secrets remain just that…secret!

Chris Jenkins, Principal Chief Architect, Global CTO Organization, Red Hat Inc.

Contributors

About the authors


Emmanouil Gkatziouras started his career in software as a Java developer. Since 2015, he has
worked daily with cloud providers such as GCP, AWS, and Azure, and container orchestration tools
such as Kubernetes. He has fulfilled many roles, either in lead positions or as an individual
contributor. He enjoys being a versatile engineer and collaborating with development, platform, and
architecture teams. He loves to give back to the developer community by contributing to open source
projects and blogging on various software topics. He is committed to continuous learning and is a
holder of certifications such as CKA, CCDAK, PSM, CKAD, and PSO. He is the author of A
Developer’s Essential Guide to Docker Compose.

Rom Adams (né Romuald Vandepoel) is an open source and C-Suite advisor with 20 years of
experience in the IT industry. He is a cloud-native expert who helps organizations to modernize and
transform with open source solutions. He is advising companies and lawmakers on their open and
inner-source strategies. He has previously worked as a principal architect at Ondat, a cloud-native
storage company acquired by Akamai, where he designed products and hybrid cloud solutions. He
has also held roles at Tyco, NetApp, and Red Hat, becoming a subject matter expert in hybrid cloud.
He has been a moderator and speaker for several events, sharing his insights on culture, process, and
technology adoption, as well as his passion for open innovation.

Chen Xi is a highly skilled Uber platform engineer. As a tech leader, he contributed to the secret and
key management platform service, leading and delivering Secrets as a service with a 99.99% SLA for
thousands of Uber container services across hybrid environments. His cloud infrastructure prowess is
evident from his work on Google Kubernetes Engine (GKE) and the integration of Spire-based PKI
systems. Prior to joining Uber, he worked at VMware, where he developed microservices for
VMware’s Hybrid Kubernetes management platform (Tanzu Mission Control) and VMware
Kubernetes Engine for multi-cloud (Cloud PKS). Chen is also a contributing author to the Certified
Kubernetes Security Specialist (CKS) exam.

About the reviewers


Brad Blackard is an industry veteran with nearly 20 years of experience at companies such as Uber,
Microsoft, and Boeing. At Uber, Brad led multiple technical initiatives as a leader in the Core
Security organization, including Secrets management at scale. Most recently, Brad has served as head
of engineering for DevZero, a start-up focused on securely improving developer experience and
productivity, and he continues to serve there as an advisor.

Ethan Walton is a staff security engineer with a background in Kubernetes, DevOps, and cloud
security. He has been active in the space since 2019, with work spanning platform engineering, cloud
infrastructure consulting at Google, and leading cloud security initiatives within growing engineering
organizations. Ethan is certified as a Google Cloud Professional Cloud Network Engineer and is an
avid technology enthusiast. Outside of work, Ethan is also heavily invested in Venture Capital and
helping to discover transformational technology start-up companies that will help shape the future.
I’d like to thank my family and especially my mother, father, and better half, Alexandra, for
understanding the time and commitment it takes to continue pursuing my passion in the ever-changing
world of technology. Day in and day out, this would not have been possible without
them every step of the way. Thank you, and thanks to all the great technology trailblazers who
continue to make every day an exciting day to work in this field.

James Skliros, a seasoned lead engineer, has shaped the digital landscape for over two decades, and
he is renowned for spearheading projects and showcasing exceptional expertise in DevOps, the cloud,
and Kubernetes. His adeptness at developing innovative initiatives and enhancing operational
efficiency in DevOps is evident throughout his career. Evolving from a system administration
background, he now focuses on architecture and solution design, emphasizing a passion for cloud
security. Beyond his professional endeavors, he remains dedicated to technology, contributing
insightful blogs and articles to his employer and personal platform.
I want to extend my deepest gratitude to my incredible wife, who has been my unwavering
support during both the highs and lows of my career journey. Her steadfast encouragement has
allowed me to persist in achieving my goals. Additionally, I appreciate Innablr for providing a
growth-oriented workplace. Their support has played a key role in my career progression, and I
am sincerely thankful for the opportunities they’ve offered.
Table of Contents

Preface
Part 1: Introduction to Kubernetes Secrets Management

Understanding Kubernetes Secrets Management


Technical requirements
Understanding Kubernetes’ origins and design principles
From bare metal to containers
Kubernetes overview
Kubernetes design principles
Kubernetes architecture
Getting hands-on – from a local container to a Kubernetes Pod
Secrets within Kubernetes
Secrets concepts
Storing Secrets on Kubernetes
Why should we care?
Security exposures
Summary

Walking through Kubernetes Secrets Management


Concepts
Technical requirements
What are Kubernetes Secrets, and how do they differ from other Kubernetes objects?
Different types of Secrets and their usage scenarios
Opaque
Kubernetes service account token
Docker config
Basic authentication
TLS client or server
Token data
Conclusion
Creating, modifying, and deleting Secrets in Kubernetes
data and stringData
Updating Secrets
Deleting Secrets
Conclusion
Kubernetes Secrets configuration in different deployment scenarios
Secret usage among environments
From development to deployment
Conclusion
Requirement for managing Secrets, including secure storage and access control
Secure storage
Access control
Git and encryption
Conclusion
Securing access to Secrets with RBAC
RBAC introduction
RBAC and Secrets
Conclusion
Auditing and monitoring secret usage
minikube note
Summary
3

Encrypting Secrets the Kubernetes-Native Way


Technical requirements
Kubernetes-native encryption
Standalone native encryption
Native encryption with an external component
Going further with securing etcd
Linux system hardening
Linux data encryption
Transport
Summary

Debugging and Troubleshooting Kubernetes Secrets


Technical requirements
Discussion of common issues with Kubernetes Secrets
Helm and Helm Secrets
Secret application pitfalls
Debugging and troubleshooting Secrets
The describe command
Non-existing Secrets
Badly configured Secrets
Troubleshooting and observability solutions
Best practices for debugging and troubleshooting Secrets
Avoiding leaking Secrets
Summary
Part 2: Advanced Topics – Kubernetes Secrets in a Production Environment

Security, Auditing, and Compliance


Technical requirements
Cybersecurity versus cyber risk
Cybersecurity
Cyber risk
Conclusion
Compliance standards
Adopting a DevSecOps mindset
Tools
Trivy
kube-bench
Compliance Operator
StackRox
Kubernetes logging
Summary

Disaster Recovery and Backups


Technical requirements
Introduction to Secrets disaster recovery and backups
Importance of disaster recovery and backups for Secrets management
Practical case studies – the importance of backup Secrets
Backup strategies for Kubernetes Secrets
Geo-replication/cross-region replication
Point-in-time snapshots to immutable storage
Writing to multiple places during transit
Secrets versioning and backup considerations
Choosing a backup strategy
Security guidance for backup
Tools and solutions for backing up Kubernetes Secrets
Velero
etcdctl
HashiCorp Vault
AWS Secrets Manager
Azure Key Vault
Disaster recovery for Kubernetes Secrets
DRP in a Kubernetes environment
Regular testing and updating
Tools and solutions for disaster recovery in Kubernetes
Effective Secrets recovery scenario during a crisis
Summary

Challenges and Risks in Managing Secrets


Technical requirements
Grasping the complexities of Secrets management systems
General security risks in Secrets management
Secret zero
Secret access ballooning
Secret valet parking
Secret sprawl
Secret island
Challenges and risks in managing Secrets for Kubernetes
Security risks to manage Kubernetes Secrets
Mitigation strategies
Summary
Part 3: Kubernetes Secrets Providers

Exploring Cloud Secret Store on AWS


Technical requirements
Overview of AWS Secrets Manager
Encryption
Versioning
Rotation
Cloud-based features
Secrets Store CSI Driver
How Secrets Store CSI Driver works
Integrating AWS Secrets Manager with EKS
EKS cluster on AWS
Auditing
Kubernetes logs on CloudWatch
AWS Secrets Manager logs on AWS CloudTrail
KMS for AWS Secrets encryption
Provisioning KMS
Using KMS with EKS
Summary

Exploring Cloud Secret Store on Azure


Technical requirements
Overview of Azure Key Vault
Azure RBAC and access policy
High availability
Logging, auditing, and monitoring
Integration with other Azure components
Introduction to Workload Identity
Integrating an AKS cluster and Azure Key Vault
Configuring the Terraform project
Provisioning the network
Provisioning the AKS cluster
Creating a Key Vault
Auditing and logging
Azure Key Vault for secret encryption
Summary

10

Exploring Cloud Secret Store on GCP


Technical requirements
Overview of GCP Secret Manager
IAM
High availability
Logging, auditing, and monitoring
Integration with other Google Cloud components
Introduction to Workload Identity
Integrating GKE and GCP Secret Manager
Configuring the Terraform project
Provisioning the network
Provisioning a secret on Secret Manager
Provisioning the GKE cluster
Adding the CSI plugin for Kubernetes Secrets
Auditing and logging
GKE security posture dashboard
Integrating GKE and KMS
Summary

11

Exploring External Secret Stores


Technical requirements
Overview of external secret providers
Secrets Store CSI Driver
External secret store providers with CSI plugins
Secrets Injector
HashiCorp Vault
Using HashiCorp Vault as a secret storage
Vault and CSI Driver
Vault hosted on Kubernetes
Development mode versus production mode
CyberArk Conjur
How Conjur works
Qualities for securely managing Secrets
High availability
Encryption of data
Secure access
Versioning
Integration with Kubernetes
Auditing
Summary
12

Integrating with Secret Stores


Technical requirements
Configuring external secret stores in Kubernetes
Secret consumption in Kubernetes
Integrating with external secret stores
Kubernetes extensions and API mechanisms
Pod lifecycle and manipulation mechanisms
Specialized Kubernetes patterns – SealedSecrets
Secret Store CSI Driver for Kubernetes Secrets
Service mesh integration for secret distribution
Broker systems in Secrets management
Security implications and best practices
Practical and theoretical balance
Summary

13

Case Studies and Real-World Examples


Technical requirements
Real-world examples of how Kubernetes Secrets are used in production environments
Qualities of Secrets management in production
Secrets management from a CI/CD perspective
Integrating Secrets management into your CI/CD process
Risks to avoid with Secrets in CI/CD pipelines
Best practices for secure CI/CD Secrets management
Lessons learned from real-world deployments
Case study – Developing Secrets management
The Keywhiz Secrets management system at Square
Managing the Secrets lifecycle from end to end in a Kubernetes production cluster
Finalizing your decision on comprehensive Secrets lifecycle management
High SLAs as the key to business sustainability
Emergency recovery – backup and restore
Not just storing but provisioning Secrets
Secrets rotation
Authorization sprawl issue
Tagging, labeling, and masking on the client side
Auditing and monitoring on the server side
Ensuring secure Secrets distribution
Decommissioning and revoking Secrets
Responsibility, on-call support, penetration testing, and risk evaluation
Summary

14

Conclusion and the Future of Kubernetes Secrets Management

The current state of Kubernetes
Native solutions
External solutions
The future state of Kubernetes
Food for thought and enhancements
How to share your thoughts
Continuous improvement
Skill acquisition
Start early, fail fast, and iterate
Automation as a strategy and Everything as Code (EaC)
Threat modeling
Incident response
Summary

Index

Other Books You May Enjoy


Preface
Kubernetes Secrets management is a combination of practices and tools that help users to securely
store and manage sensitive information, such as passwords, tokens, and certificates, within a
Kubernetes cluster and keep them safe and secure. Securing Secrets such as passwords, API keys,
and other sensitive information is critical for protecting applications and data from unauthorized
access. Developers who understand Kubernetes Secrets management can help ensure that Secrets are
managed securely and effectively, reducing the risk of security breaches. Many industries and
regulatory frameworks have specific requirements for managing sensitive data. By learning
Kubernetes Secrets management practices, developers can ensure that their applications comply with
these requirements and avoid potential legal or financial penalties.
Who this book is for
This book is for software and DevOps engineers and system administrators looking to deploy and
manage Secrets on Kubernetes. Specifically, it is aimed at the following:
Developers who are already familiar with Kubernetes and are looking to understand how to manage Secrets effectively. This could
include individuals who are already using Kubernetes for application deployment, as well as those who are new to the platform
and looking to learn more about its capabilities.

Security professionals who are interested in learning how to securely manage Secrets within a Kubernetes environment. This
could include individuals who are responsible for securing applications, infrastructure, or networks, as well as those who are
responsible for compliance and regulatory requirements.

Anyone who is interested in using Kubernetes to deploy and manage applications securely, and who wants to understand how to
effectively manage Secrets within that environment.
What this book covers
Chapter 1, Understanding Kubernetes Secrets Management, introduces you to Kubernetes and the
importance of Secrets management in applications deployed on Kubernetes. It gives an overview of
the challenges and risks associated with managing Secrets, the objectives, and the scope of the book.

Chapter 2, Walking through Kubernetes Secrets Management Concepts, covers the basics of
Kubernetes Secrets management, including the different types of Secrets; their usage scenarios; how
to create, modify, and delete Secrets in Kubernetes; and secure storage and access control. It also
covers how to securely access Secrets with RBAC and Pod Security Standards, as well as auditing
and monitoring secret usage.

Chapter 3, Encrypting Secrets the Kubernetes-Native Way, teaches you how to encrypt Secrets in
transit and at rest in etcd, as well as key management and rotation in Kubernetes.

Chapter 4, Debugging and Troubleshooting Kubernetes Secrets, provides guidance on identifying
and addressing common issues that arise when managing Secrets in Kubernetes. It covers best
practices for debugging and troubleshooting Secrets, including the usage of monitoring and logging
tools, ensuring the security and reliability of Kubernetes-based applications.

Chapter 5, Security, Auditing, and Compliance, focuses on the importance of compliance and
security while managing Secrets in Kubernetes. It covers how to comply with security standards and
regulations, mitigating security vulnerabilities, and ensuring secure Kubernetes Secrets management.

Chapter 6, Disaster Recovery and Backups, provides you with an understanding of disaster recovery
and backups for Kubernetes Secrets. It also covers backup strategies and disaster recovery plans.

Chapter 7, Challenges and Risks in Managing Secrets, focuses on the challenges and risks associated
with managing Secrets in hybrid and multi-cloud environments. It also covers strategies for
mitigating security risks in Kubernetes Secrets management, guidelines for ensuring secure
Kubernetes Secrets management, and the tools and technologies available for Kubernetes Secrets
management.

Chapter 8, Exploring Cloud Secret Store on AWS, introduces you to AWS Secrets Manager and KMS
and how they can be integrated with Kubernetes. It also covers monitoring and logging operations on
Kubernetes Secrets with AWS CloudWatch.

Chapter 9, Exploring Cloud Secret Store on Azure, teaches you how to integrate Kubernetes with
Azure Key Vault for secret storage, as well as the encryption of Secrets stored on etcd. It also covers
monitoring and logging operations on Kubernetes Secrets through Azure’s observability tools.
Chapter 10, Exploring Cloud Secret Store on GCP, introduces you to GCP Secret Manager and GCP
KMS and how they can be integrated with Kubernetes. It also covers monitoring and logging
operations on Kubernetes Secrets with GCP monitoring and logs.

Chapter 11, Exploring External Secret Stores, explores different types of third-party external secret
stores, such as HashiCorp Vault and CyberArk Secrets Manager. It teaches you how to use external
secret stores to store sensitive data and the best practices for doing so. Additionally, the chapter also
covers the security implications of using external secret stores and how they impact the overall
security of a Kubernetes cluster.

Chapter 12, Integrating with Secret Stores, teaches you how to integrate third-party Secrets
management tools with Kubernetes. It covers external secret stores in Kubernetes and the different
types of external secret stores that can be used. You will also gain an understanding of the security
implications of using external secret stores and how to use them to store sensitive data using different
approaches such as init containers, sidecars, CSI drivers, operators, and sealed Secrets. The chapter
also covers the best practices for using external secret stores and how they can impact the overall
security of a Kubernetes cluster.

Chapter 13, Case Studies and Real-World Examples, covers real-world examples of how Kubernetes
Secrets are used in production environments. It covers case studies of organizations that have
implemented Secrets management in Kubernetes and lessons learned from real-world deployments.
Additionally, you will learn about managing Secrets in CI/CD pipelines and integrating Secrets
management into the CI/CD process. This chapter also covers Kubernetes tools to manage Secrets in
pipelines and the best practices for secure CI/CD Secrets management.

Chapter 14, Conclusion and the Future of Kubernetes Secrets Management, gives an overview of the
current state of Kubernetes Secrets management and future trends and developments in the field. It
also covers how to stay up to date with the latest trends and best practices in Kubernetes Secrets
management.

To get the most out of this book


You should understand Bash scripting, containerization, and how Docker works. You should also
understand Kubernetes and basic concepts of security. Knowledge of Terraform and cloud providers
will also be beneficial.

Software covered in the book                    Operating system requirements

Docker                                          Windows, macOS, or Linux
Shell scripting
Podman and Podman Desktop
minikube
Helm
Terraform
GCP
Azure
AWS
OKD and Red Hat OpenShift
StackRox and Red Hat Advanced Cluster Security
Trivy from Aqua
HashiCorp Vault

If you are using the digital version of this book, we advise you to type the code yourself or
access the code from the book’s GitHub repository (a link is available in the next section).
Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files


You can download the example code files for this book from GitHub at
https://github.com/PacktPublishing/Kubernetes-Secrets-Handbook. If there’s an update to the code, it
will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at
https://github.com/PacktPublishing/. Check them out!
Conventions used
There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file
extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “The kms
provider plugin connects kube-apiserver with an external KMS to leverage an envelope encryption
principle.”

A block of code is set as follows:

apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aesgcm:
          keys:
            - name: key-20230616
              secret: DlZbD9Vc9ADLjAxKBaWxoevlKdsMMIY68DxQZVabJM8=
      - identity: {}

When we wish to draw your attention to a particular part of a code block, the relevant lines or items
are set in bold:

apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    eks.amazonaws.com/role-arn: "arn:aws:iam::11111:role/eks-secret-reader"
  name: service-token-reader
  namespace: default

Any command-line input or output is written as follows:

$ kubectl get events
...
11m   Normal   Pulled   pod/webpage   Container image "nginx:stable" already present on machine

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words
in menus or dialog boxes appear in bold. Here is an example: “Another notable tool provided by
GCP to improve the security posture of a GKE cluster is the GKE security posture dashboard.”

TIPS OR IMPORTANT NOTES


Appears like this.

Get in touch
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, email us at
[email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do
happen. If you have found a mistake in this book, we would be grateful if you would report this to us.
Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be
grateful if you would provide us with the location address or website name. Please contact us at
[email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you
are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts


Once you’ve read Kubernetes Secrets Handbook, we’d love to hear your thoughts! Please click here
to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering
excellent quality content.

Download a free PDF copy of this book


Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical
books directly into your application.

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free
content in your inbox daily

Follow these simple steps to get the benefits:


1. Scan the QR code or visit the link below
https://packt.link/free-ebook/9781805123224

2. Submit your proof of purchase

3. That’s it! We’ll send your free PDF and other benefits to your email directly
Part 1: Introduction to Kubernetes Secrets Management
In this part, you will be provided with a foundational understanding of Kubernetes Secrets and their
importance in managing sensitive data in applications deployed on Kubernetes. By the end of this
part, you will have learned the basics of the purpose, function, and usage of Kubernetes Secrets with
real-world examples.

This part has the following chapters:


Chapter 1, Understanding Kubernetes Secrets Management

Chapter 2, Walking through Kubernetes Secrets Management Concepts

Chapter 3, Encrypting Secrets the Kubernetes-Native Way

Chapter 4, Debugging and Troubleshooting Kubernetes Secrets


1

Understanding Kubernetes Secrets Management


This chapter will provide you with a refresher about containers, as well as a comprehensive overview
of Kubernetes and its Secrets management implementation. By the end of this first walk-through, all
personas (developers, platform, and security engineers) will know how to design and implement
these topics with a set of hands-on examples. While going through these examples, we will highlight
the respective security concerns that this book will address by covering a series of use cases that will
lead to a production-grade solution for hybrid multi-cloud scenarios, including the business
continuity perspective.

In this chapter, we will cover the following topics:


Understanding Kubernetes’ origins and design principles

Setting up our first Kubernetes testing environment

Exploring Kubernetes Secret and ConfigMap objects

Analyzing why Kubernetes Secrets are important

Unveiling the challenges and risks associated with Kubernetes Secrets management

Mapping the objectives and scope of this book

Technical requirements
To complete the hands-on parts of this chapter, we will be leveraging a series of tools and platforms
that are commonly used to interact with containers, Kubernetes, and Secrets management. For this
first chapter, we will be setting up this environment together and ramping up with a friendly desktop
graphical solution for the first set of examples. Don’t worry – we have you covered with our Code in
Action and GitHub repository, which contains the macOS installation example. Here is the list of
required tools:
Docker (https://docker.com) or Podman (https://podman.io) as a container engine. Both are OK, although I do have a personal
preference for Podman as it offers benefits such as being daemonless (easy installation), rootless (the engine and the
containers run as an unprivileged user, which shrinks the blast radius of a container escape), fully Open
Container Initiative (OCI)-compliant, Kubernetes ready, and able to integrate with systemd at the user level to
autostart containers/Pods.

Podman Desktop (https://podman-desktop.io) is open source software that provides a graphical user interface for building,
starting, and debugging containers, running local Kubernetes instances, easing the migration from containers to Pods, and even
connecting to remote platforms such as Red Hat OpenShift, Azure Kubernetes Service, and more.
Golang (https://go.dev) or Go is a programming language that will be used within our examples. Note that Kubernetes and most
of its third-party components are written in Go.

Git (https://git-scm.com) is a version control system that we will be using to cover this book’s examples but will also leverage in
our discovery of Secrets management solutions.

This book’s GitHub repository contains the digital material linked to this book:
https://github.com/PacktPublishing/Kubernetes-Secrets-Handbook.

Understanding Kubernetes’ origins and design principles
While the evolution from one platform to another might be obvious, the compelling event and inner
mechanics might not be. To safely handle sensitive data within Kubernetes, we have to understand
both its historical and architectural evolutions. This will help us implement a secure production-grade
environment for our critical business applications.

The next few sections will describe a series of concepts, explore and practice them with a simple
container runtime and Kubernetes cluster, and establish their direct relationships with security
concerns that this handbook will address.

IMPORTANT NOTE
While we expect you to perform the hands-on examples while reading along, we understand that you might not have the
opportunity to do so. As such, we have provided briefings and debriefings for each hands-on example.

From bare metal to containers


Four decades ago, deploying applications was done on a physical server, usually referred to as a bare
metal installation. This approach allowed workloads to have direct access to physical resources with
the best native performance possible. Due to out-of-the-box limitations for resource management
from a software perspective, deploying more than one application on a physical server has always
been an operational challenge that has resulted in a suboptimal model with the following root causes:
Physical resource utilization: A reduced set of applications is deployed on a physical machine to limit the potential degradation
of services due to the lack of proper resource management capabilities that would have helped address applications hogging all
the compute resources.

Scalability, flexibility, and time to market: The lead time in weeks or even months to procure, rack and stack, provision the
physical machine, and have the application installed, which impacts business growth.

The total cost of ownership (TCO) versus innovation: The procurement, integration, operations, and life cycle of physical
servers, along with underutilized resources with limited prototyping due to high costs and lead time, slows down the
organization’s innovation capabilities.
Then, in the early 2000s, virtualization or hypervisors became available for commoditized open
systems. A hypervisor is a software layer, installed either directly on bare metal or on top of a host
operating system, that allows the IT department to create virtual machines. With this, operations teams were able
to create and tailor these virtual machines to the application’s precise requirements with the ability to
adapt the compute resources during the application’s life cycle and their usage by the business.
Thanks to proper resource management and isolation, multiple virtual machines could run on a single
server without noisy neighbors causing potential service degradations.

This model provided tremendous optimizations that helped accelerate the digitalization of services
and introduce a new market aside from the traditional data center business – cloud computing.
However, the virtualization model created a new set of challenges:
The never-ending increase of virtual machines thanks to continuous innovation. This exponential growth of assets amplifies the
operational burden to maintain and secure operating systems, libraries, and applications.

The increasing need for automation to perform daily Create, Read, Update, and Delete (CRUD) operations at a large scale
involving complex infrastructure and security components.

The need for well-thought-out, enforced governance that addresses the life cycle, security, and business continuity of
thousands of services supporting the organization’s critical applications.

Finally, containers made their way as the next layer of optimization. Although the construct of
containers was not new, as with virtualization, it required a major player to invest in the
commoditized open systems to organically make it the next (r)evolution.

Let’s think about a container as a lightweight virtual machine but without a full operating system of its
own: a container is a set of processes that share the host kernel and carry only the application and its
libraries, which reduces the overall footprint and the operational burden related to the software
development life cycle and security management. Multiple applications, as containers, share
the underlying physical host at both the software and hardware level without the overhead of a
hypervisor, benefiting from nearly native performance. The flip side is that the shared kernel is also the
isolation boundary: a kernel vulnerability or an over-privileged container affects every container on that
host, which is why rootless engines and least privilege matter as soon as sensitive data is involved. The
container provides you with the following benefits:
A well-defined standard by the OCI (https://opencontainers.org) to ease with building, (re)distributing, and deploying containers
to any platform that’s compliant with the specifications of the OCI

A highly efficient, predictable, and immutable medium that’s application-centric and only includes the necessary libraries and the
application runtime

Application portability thanks to an infrastructure and platform-agnostic solution

An organic separation of concerns between the developers and platform engineers as there is no need to access the physical or
virtual host operating system to develop, build, test, and deploy applications

Embracing an automation-first approach and DevOps practices to address the infrastructure, application, and security management

Not mentioning a few challenges would be wrong, so here are some:


Most IT organizations have difficulty embracing a new paradigm from both an architectural and a management perspective

Treating the organic separation of concerns between developers and platform engineers as a justification for silos

There’s an overhype around microservices, which leads to potential suboptimal application architecture with no performance
optimization but added complexity

The following diagram shows the bottom-up stack, which shows the potential application density per
physical server with their respective deployment type:

Figure 1.1 – Layer comparison between bare metal, virtual machines, and containers

We’ve already cited a series of benefits, and yet, we should emphasize additional ones that help with
rapid prototyping, faster deployment, easy live functional testing, and so on:
A smaller code base to maintain and enrich per microservice with easier rollout/rollback

The capability to run in a degraded mode when one of the microservices fails but not the others

The ability to troubleshoot misbehaving microservices without impacting the entire application

It’s faster to recover from failure as only the related microservice must be rescheduled

Granular compute resource allocation and scalability

Not only do microservices help decouple large monolithic applications but they also introduce new
design patterns to accelerate innovation.

This sounds fantastic, doesn’t it? It does, but we still have a major missing element here: container
runtimes such as Docker or Podman do not provide any resiliency beyond the single host they run on. To do so, a
container runtime requires an additional software layer providing the applications with high
availability capabilities. Managing hundreds of microservices at scale demands a robust and highly
resilient orchestrator to ensure the business continuity of the applications while guaranteeing a high
level of automation and abstraction toward the underlying infrastructure. This will lead to frictionless
build, deploy, and run operations, improving the day-to-day responsibilities of the IT staff involved
with the workloads that are deployed on the application platforms.
This is a big ask and a challenge that many IT departments are facing and trying to solve, even more
so with legacy patterns. The answer to this complex equation is Kubernetes, a container platform or,
as we should call it, an application platform.

Kubernetes overview
There are no better words to describe what Kubernetes is all about than the words from the
Kubernetes project maintainers: “Containers are a good way to bundle and run your applications. In
a production environment, you need to manage the containers that run the applications and ensure
that there is no downtime. For example, if a container goes down, another container needs to start.
Wouldn’t it be easier if this behavior was handled by a system?

That’s how Kubernetes comes to the rescue! Kubernetes provides you with a framework to run
distributed systems resiliently. It takes care of scaling and failover for your application, provides
deployment patterns, and more.” (https://kubernetes.io/docs/concepts/overview/#why-you-need-
kubernetes-and-what-can-it-do)

The same page lists the following benefits of Kubernetes:


Service discovery and load balancing

Storage orchestration

Automated rollouts and rollbacks

Automatic bin packing

Self-healing

Secret and configuration management

While reading through this handbook, we will explore and practice all of these benefits while
designing a production-grade Secrets management solution for critical workloads.

Kubernetes design principles


We have established the context regarding the evolution and adoption of containers with the need for
Kubernetes to support our applications with resiliency, scalability, and deployment patterns in mind.
But how is Kubernetes capable of such a frictionless experience?

Here is my attempt to answer this question based on having experience as a former cloud architect
within the Red Hat Professional Services organization:
From a workload perspective, every infrastructure requirement that an application will consume is simply defined in a declarative
way without the need for there to be a domain specialist in networking, storage, security, and so on. The YAML manifest
describing the desired state of Pod, Service, and Deployment objects is then handled by Kubernetes as a service broker for
every specific vendor who has a Kubernetes integration. In other words, application teams can safely write a manifest that is
agnostic of the environment and Kubernetes distribution on which they will deploy the workloads.

From an infrastructure perspective, every component of the stack has a corresponding Kubernetes API object. If not, the vendor
can introduce their own with the standard Kubernetes API object called CustomResourceDefinition, also known as CRD.
This guarantees a common standard, even when interacting with third-party software, hardware, or cloud vendors.

When Kubernetes receives a request with a valid object definition, the orchestrator will apply the
related CRUD operation. In other words, Kubernetes introduces native automation and orchestration.
The same principles should apply to every Kubernetes component running as a container so that they
benefit from self-healing, resiliency, and scalability while being agnostic of the underlying software,
hardware, or cloud provider.

This approach supports the portability not only of containerized applications but of the entire
application platform while reducing the need for technology domain specialists to be involved when
deploying an application, maintaining the platform, and even enriching the Kubernetes project with
new features or components.

The concept of a YAML manifest to define a Kubernetes API object has been floating around for a
while. It is time to look at a simple example that shows the desired state of a Pod object (a logical
grouping for one or multiple containers):

apiVersion: v1
kind: Pod
metadata:
  name: hello-app
spec:
  containers:
  - name: hello-world
    image: hello-path:0.1
    ports:
    - containerPort: 8080

This Pod object’s definition provides the necessary information for Kubernetes to do the following:
Define the desired state for a Pod object with the name hello-app.

Specify the Pod’s containers: here, a single container called hello-world that uses the hello-path container image.
For this, we want version 0.1 to be pulled from a container registry.

Declare that the hello-world application listens on port 8080 at the container level. Note that containerPort is
informational: it documents the port but does not by itself open or restrict any traffic; reachability is governed by
Services and NetworkPolicies.

That’s it! This is our first Pod definition. It allows us to deploy a simple containerized application
with no fuss and zero knowledge of the underlying infrastructure.

Kubernetes architecture
There is not much magic behind this orchestration but the work of multiple components provides a
fantastic level of resilience and abstraction, as well as a frictionless experience. The following
diagram provides an overview of the components that run within a Kubernetes instance:

Figure 1.2 – Kubernetes components

A Kubernetes cluster can be divided into two logical groups – the control plane (some distributions
refer to this as the master node) and the (worker) nodes. Let’s drill down into each logical group and
discover their respective components:
Control plane:

kube-apiserver: This component exposes the Kubernetes API and performs the CRUD operations on object
definitions and their state within etcd. It is the only component that talks to etcd directly, and it is where every
request is authenticated, authorized, and run through admission control, which makes it the cluster’s security
chokepoint.

etcd: This component is a key value store that serves as the source of truth for every object in the cluster,
Secrets included. A corrupted etcd results in a full disaster scenario, and a readable etcd (or an etcd backup)
exposes every Secret in the cluster unless encryption at rest has been configured, a point this book will keep
returning to.

kube-scheduler: This component watches for newly created Pods that have no node assigned and selects a
healthy node for each of them, taking into account resource requests, affinity rules, taints, and other
constraints. The kubelet on the chosen node then starts the containers.

kube-controller-manager: This component runs a series of controllers that are responsible for handling the
desired state of the nodes, jobs, endpoints, and service accounts. Controllers are reconciliation loops that track the
difference between the desired and current state of an object and adjust the latter so that it matches the latest object
definition.

cloud-controller-manager (optional): Similar to kube-controller-manager, this component, when
deploying Kubernetes in the cloud, enriches the cluster with additional abstractions to interact with the related cloud
provider services.

Nodes (and the control plane too!):

kubelet: This component registers the node and interacts with kube-apiserver to verify and adjust the desired state
of the Pods bound to its node.

kube-proxy: This component provides the basic network plumbing on each node, maintaining the networking
rules that route (or block) internal and external network traffic to Pods.

container runtime: This component runs the containers; CRI-O and containerd are common choices.

There are additional components that should be considered as add-ons due to their direct dependency
on the Kubernetes distribution. These add-ons would be responsible for handling services such as
DNS, logging, metrics, the user interface, and more.

IMPORTANT NOTE
In a dev/test environment, a single node might be deployed to act both as a control plane and a worker node on which
Pods will be scheduled. However, for resiliency purposes, a production-grade environment should consider a minimum of
three control plane nodes (etcd needs a majority of its members alive to keep quorum, so three members tolerate the loss of
one) with dedicated worker nodes to improve resilience and separation of concerns, as well as dedicated
compute resources for the applications.

Getting hands-on – from a local container to a Kubernetes Pod
The main benefits of containers are their portability and being platform agnostic. Deploying the
famous Hello World application within a container using Docker, Podman, or Kubernetes should not
require us to modify the application code. I will even go a step further and say that we should not
care about the underlying infrastructure. On the other hand, there would be a large umbrella of
constraints to deal with when deploying an application with a bare metal or virtualization approach.

Before we start, we assume that you have the following:


All the technical requirements mentioned at the beginning of this chapter

Access to this book’s GitHub repository (https://github.com/PacktPublishing/Kubernetes-Secrets-Handbook)

This example at hand; it is available in the ch01/example01 folder

Let’s have a look at a simple example illustrating a basic software supply chain:
Building the application binary: The example is a simple Go application showcasing an HTTP service and console logging
capabilities

Building the container image, including the application binary: The application will be built using a Golang toolset container
image; a second small footprint container image will be used to carry the application binary

Running the containerized application using Podman: This first run will leverage the graphical interface of Podman Desktop
to illustrate the rather simple process of running a container

Deploying the containerized application using Kubernetes: This first deployment will leverage the kubectl command line to
showcase how to process our first YAML manifest to create a Kubernetes Pod object

Note that this example is agnostic of the CPU architecture on which the overall process will take
place. This means that you can safely perform the same exercise on different CPU targets without the
need to rewrite code or change any of the configuration files.

It is interesting to note that a container runtime such as Docker or Podman is used to build both the
application and the container image containing our application binary. This is done via a text file
called a Dockerfile (Podman also accepts the name Containerfile), which defines all the necessary steps to build our
container image. Note that both base images are referenced by their sha256 digest rather than by a tag, so a rebuild
always starts from exactly the same bytes:

# Build stage: the Go toolchain image, pinned by digest
FROM registry.access.redhat.com/ubi8/go-toolset@sha256:168ac23af41e6c5a6fc75490ea2ff9ffde59702c6ee15d8c005b3e3a3634fcc2 AS build
COPY ./hello/* .
RUN go mod init hello
RUN go mod tidy
RUN go build .

# Runtime stage: a minimal image that only carries the binary, also pinned by digest
FROM registry.access.redhat.com/ubi8/ubi-micro@sha256:6a56010de933f172b195a1a575855d37b70a4968be8edb35157f6ca193969ad2
LABEL org.opencontainers.image.title="Hello from Path"
LABEL org.opencontainers.image.description="Kubernetes Secrets Handbook - Chapter 01 - Container Build Example"
# /opt/app-root/src is the build stage's working directory, where go build wrote the hello binary
COPY --from=build /opt/app-root/src/hello .
EXPOSE 8080
ENTRYPOINT ["./hello"]

The Dockerfile build steps are as follows:


1. Fetch the go-toolset image for the build.

2. Get all the application content in that image.

3. Run the Go build process.

4. Fetch the ubi-micro image as the target container.

5. Set some container image metadata.

6. Copy the binary from the build image to the target image.

7. Set a port exposure for the application. Here, this is 8080.

8. Run the application binary.

That’s it! Once the application has been built and the container image has been successfully created,
the image sits in the local image store of Docker or Podman, from which it can be pushed to a registry or
started directly. Starting it takes one simple command line with a few parameters, or you can
leverage the Podman Desktop graphical interface.
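The digest pinning in the Dockerfile above is what makes a rebuild reproducible and keeps a mutable tag such as latest from silently pulling a different image. As an added check that is not part of the book or its GitHub repository, the following POSIX sh lint refuses a Dockerfile unless every FROM line is pinned by digest, while still allowing scratch and stages defined earlier with AS. The sample Dockerfiles, the registry.example host, and the all-zero digests are constructed here for illustration.

```shell
#!/bin/sh
# Added example (not from the book): lint a Dockerfile so that every base
# image in a FROM line is pinned by @sha256 digest, as the chapter's
# go-toolset and ubi-micro images are. It only reads the file, so no
# registry access is needed.

# check_from_pinned FILE
# Returns 0 when every FROM references an image as name@sha256:<64 hex>,
# "scratch", or a stage defined earlier with AS; otherwise prints each
# offending FROM line and returns 1.
check_from_pinned() {
    _file="$1"
    _rc=0
    _stages=" "
    set -f   # no globbing while we word-split instruction lines
    while IFS= read -r _line || [ -n "$_line" ]; do
        # Keep only FROM instructions (Dockerfile keywords are case-insensitive).
        case "$_line" in
            [Ff][Rr][Oo][Mm]\ *) ;;
            *) continue ;;
        esac
        # Split the instruction into words and skip flags such as --platform=...
        set -- $_line
        shift
        while [ "$#" -gt 0 ]; do
            case "$1" in
                --*) shift ;;
                *) break ;;
            esac
        done
        _ref="$1"
        # Remember "AS name" so a later "FROM name" is not flagged: that stage
        # is built locally, not pulled from a registry.
        if [ "$#" -ge 3 ]; then
            case "$2" in
                [Aa][Ss]) _stages="$_stages$3 " ;;
            esac
        fi
        case "$_ref" in
            scratch) continue ;;
        esac
        case "$_stages" in
            *" $_ref "*) continue ;;
        esac
        if ! printf '%s\n' "$_ref" | grep -Eq '@sha256:[0-9a-f]{64}$'; then
            printf 'unpinned base image: %s\n' "$_line"
            _rc=1
        fi
    done < "$_file"
    set +f
    return "$_rc"
}

# Constructed samples (stand-ins for ch01/example01). registry.example is a
# placeholder host and the all-zero digests are placeholders, not real ones.
_dir=$(mktemp -d)
_zero64=$(printf '%064d' 0)
cat > "$_dir/pinned.Dockerfile" <<EOF
FROM registry.example/ubi8/go-toolset@sha256:$_zero64 AS build
COPY ./hello/* .
RUN go build .
FROM registry.example/ubi8/ubi-micro@sha256:$_zero64
COPY --from=build /opt/app-root/src/hello .
ENTRYPOINT ["./hello"]
EOF
cat > "$_dir/unpinned.Dockerfile" <<EOF
FROM registry.example/ubi8/go-toolset:latest AS build
RUN go build .
FROM registry.example/ubi8/ubi-micro:8.8
COPY --from=build /opt/app-root/src/hello .
ENTRYPOINT ["./hello"]
EOF

check_from_pinned "$_dir/pinned.Dockerfile" && echo "pinned.Dockerfile: every FROM is pinned"
check_from_pinned "$_dir/unpinned.Dockerfile" || echo "unpinned.Dockerfile: rejected"
```

Run it in CI before podman build or docker build. Pinning by digest fixes which bytes you build on, not whether they are trustworthy, so pair it with a signature or provenance check of the pinned images and a process for bumping the digests when the base images are patched.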

On the other hand, running this container on an application platform such as Kubernetes requires a
different approach – that is, declaratively using a YAML manifest. An example was supplied earlier
in this chapter and can be found in this book’s GitHub repository. This YAML manifest is submitted
to kube-apiserver via a tool such as kubectl.

Here is a transactional overview of a Kubernetes Pod object’s creation:

Figure 1.3 – Kubernetes Pod creation

As we can see, the etcd record is continuously updated during the Pod object’s creation. The desired
state is saved; the current status of every component involved in the process is also saved, which
generates a sort of audit trail. Such a design allows for easier debugging when the desired outcome is
not achieved.

As soon as the Pod object is registered within etcd, all the Kubernetes components are on a mission to
converge toward the desired state, regardless of potential issues such as network partitioning, node
failure, and more. This is the difference between running containers on a single machine with a local
container runtime such as Docker or Podman and orchestrating containers at scale with a container
platform such as Kubernetes.

Here’s some food for thought:


I wrote “running the containerized applications” and “deploying the containerized application” to illustrate the difference
between a container runtime such as Docker or Podman running a containerized application and Kubernetes scheduling containers
Cool. There are a great many things I can answer that the living are
ignorant of; there are a great many things that, notwithstanding the
additional knowledge I have acquired since my death, I cannot
answer; and there are a great many questions you may start, of which
the last is one that I will not answer.
Ogil. Then I know how to manage our conversation; whatever I
inquire of you, I see you can easily shift me; to that I might profit
more by conversing with myself.
Cool. You may try.
Ogil. Well, then, what sort of a body is that you appear in; and
what sort of a horse is that you ride upon, which appears to be so full
of mettle?
Cool. You may depend upon it, it is not the same body that I was
witness to your marriage in, nor in which I died, for that is in the
grave rotting; but it is such a body as serves me in a moment, for I
can fly as fleet with it as my soul can do without it; so that I can go to
Dumfries, and return again, before you can ride twice the length of
your horse; nay, if I have a mind to go to London, or Jerusalem, or to
the moon, if you please, I can perform all these journeys equally
soon, for it costs me nothing but a thought or wish: for this body is as
fleet as your thought, for in the moment of time you can turn your
thoughts on Rome, I can go there in person; and as for my horse, he
is much like myself, for he is Andrew Johnston, my tenant, who died
forty-eight hours before me.
Ogil. So it seems when Andrew Johnston inclines to ride, you must
serve him in the quality of a horse, as he does you now.
Cool. You are mistaken.
Ogil. I thought that all distinctions between mistresses and maids,
lairds and tenants, had been done away at death.
Cool. True it is, but you do not take up the matter.
Ogil. This is one of the questions you won’t answer.
Cool. You are mistaken, for the question I can answer, and after
you may understand it.
Ogil. Well then, Cool, have you never yet appeared before God, nor
received any sentence from Him as a Judge?
Cool. Never yet.
Ogil. I know you was a scholar, Cool, and ’tis generally believed
there is a private judgment, besides the general at the great day, the
former immediately after death. Upon this he interrupted me,
arguing.
Cool. No such thing, no such thing! No trial; no trial till the great
day! The heaven which good men enjoy after death consists only in
the serenity of their minds, and the satisfaction of a good conscience;
and the certain hopes they have of eternal joy, when that day shall
come. The punishment or hell of the wicked, immediately after
death, consists in the stings of an awakened conscience, and the
terrors of facing the great Judge, and the sensible apprehensions of
eternal torments ensuing! And this bears still a due proportion to the
evils they did when living. So indeed the state of some good folks
differ but little in happiness from what they enjoyed in the world,
save only that they are free from the body, and the sins and sorrows
that attended it. On the other hand, there are some who may be said
rather not to have been good, than that they are wicked; while living,
their state is not easily distinguished from that of the former; and
under that class comes a great herd of souls—a vast number of
ignorant people, who have not much minded the affairs of eternity,
but at the same time have lived in much indolence, ignorance, and
innocence.
Ogil. I thought that their rejecting the terms of salvation offered
was sufficient ground for God to punish them with eternal
displeasure; and as to their ignorance, that could never excuse them,
since they live in a place of the world where the true knowledge of
these things might have been easily attained.
Cool. They never properly rejected the terms of salvation; they
never, strictly speaking, rejected Christ; poor souls, they had as great
a liking both to Him and heaven, as their gross imaginations were
capable of. Impartial reason must make many allowances, as the
stupidity of their parents, want of education, distance from people of
good sense and knowledge, and the uninterrupted applications they
were obliged to give to their secular affairs for their daily bread, the
impious treachery of their pastors, who persuaded them, that if they
were of such a party all was well; and many other considerations
which God, who is pure and perfect reason itself, will not overlook.
These are not so much under the load of Divine displeasure, as they
are out of His grace and favour; and you know it is one thing to be
discouraged, and quite another thing to be persecuted with all the
power and rage of an incensed earthly king. I assure you, men’s faces
are not more various and different in the world, than their
circumstances are after death.
Ogil. I am loath to believe all that you have said at this time, Cool
(but I will not dispute those matters with you), because some things
you have advanced seem to contradict the Scriptures, which I shall
always look upon as the infallible truth of God. For I find, in the
parable of Dives and Lazarus, that the one was immediately after
death carried up by the angels into Abraham’s bosom, and the other
immediately thrust down to hell.
Cool. Excuse me, sir, that does not contradict one word that I have
said; but you seem not to understand the parable, whose only end is
to illustrate the truth, that a man may be very happy and flourishing
in this world, and wretched and miserable in the next; and that a
man may be miserable in this world, and happy and glorious in the
next.
Ogil. Be it so, Cool, I shall yield that point to you, and pass to
another, which has afforded me much speculation since our last
encounter; and that is, How you came to know that I talked after the
manner that I did concerning Mr Paton, on the first Sabbath of
February last? Was you present with me, but invisible? He answered
very haughtily, No, sir, I was not present myself. I answered, I would
not have you angry, Cool. I proposed this question for my own
satisfaction; but if you don’t think proper to answer, let it pass. After
he had paused, with his eyes on the ground, for three or four minutes
of time at most, with some haste and seeming cheerfulness, he says—
Cool. Well, sir, I will satisfy you in that point. You must know that
there are sent from heaven angels to guard and comfort, and to do
other good services to good people, and even the spirits of good men
departed are employed in that errand.
Ogil. And do you not think that every man has a good angel?
Cool. No, but a great many particular men have: there are but few
houses of distinction especially, but what have at least one attending
them; and from what you have already heard of spirits, it is no
difficult matter to understand how they may be serviceable to each
particular member, though at different places at a great distance.
Many are the good offices which the good angels do to them that fear
God, though many times they are not sensible of it: and I know
assuredly, that one powerful angel, or even an active clever soul
departed, may be sufficient for some villages; but for your great
cities, such as London, Edinburgh, or the like, there is one great
angel that has the superintendence of the whole; and there are
inferior angels, or souls departed, to whose particular care such a
man, of such a particular weight or business, is committed. Now, sir,
the kingdom of Satan does ape the kingdom of Christ as much in
matters of politics as can be, well knowing that the court of wisdom
is from above; so that from thence are sent out missionaries in the
same order. But because the kingdom of Satan is much better
replenished than the other, instead of one devil there are in many
instances two or three commissioned to attend a particular family of
influence and distinction.
Ogil. I read that there are ten thousand times ten thousand of
angels that wait upon God, and sing His praise and do His will; and I
cannot understand how the good angels can be inferior in number to
the evil.
Cool. Did not I say, that whatever the number be, the spirits
departed are employed in the same business; so that as to the
number of original deities, whereof Satan is chief, I cannot
determine, but you need not doubt but there are more souls departed
in that place, which in a loose sense you call hell, by almost an
infinity, than what are gone to that place, which, in a like sense, you
call heaven, which likewise are employed in the same purpose; and I
can assure you that there is as great a difference between angels,
both good and bad, as there is among men, with respect to their
sense, knowledge, cunning, cleverness, and action; nay, which is
more, the departed souls on both sides outdo severals, from their
very first departure, of the original angels. This you will perhaps
think a paradox, but is true.
Ogil. I do not doubt it; but what is that to my question, about
which I am solicitous?
Cool. Take a little patience, sir; from what I have said you might
have understood me, if you had your thoughts about you; but I shall
explain myself to you. Both the good and the bad angels have stated
times of rendezvous, and the principal angels, who have the charge
either of towns, cities, or kingdoms, not to mention particular
persons, villages, and families, and all that is transacted in these
several parts of the country, are there made open; and at their re-
encounter on each side, every thing is told, as in your parish, in
milns, kilns, and smithies, with this difference, that many things
false are talked at the living re-encounters, but nothing but what is
exact truth is said or told among the dead; only I must observe to
you, that, as I am credibly informed, several of the inferior bad
angels, and souls of wicked men departed, have told many things
that they have done, and then when a more intelligent spirit is sent
out upon inquiry, and the report of the former seeming doubtful, he
brings in a contrary report, and makes it appear truth, the former
fares very ill: nevertheless their regard to truth prevents it; for while
they observe the truth, they do their business and keep their station,
for God is truth.
Ogil. So much truth being among the good angels, I am apt to
think that lies and falsehood will be as much in vogue among the
bad.
Cool. A gross mistake, and it is not alone the mistake which the
living folks fall under with respect to the other world; for the case
plainly is this: an ill man will not stick at a falsehood to promote his
design; as little will an evil soul departed stop at anything that can
make himself successful; but in admitting report he must tell the
truth, or woe be to him. But besides their monthly, quarterly, or
yearly meetings, or whatever they be, departed souls acquainted may
take a trip to see one another yearly, weekly, daily, or oftener, if they
please. Thus, then, I answer your question that you was so much
concerned about; for my information was from no less than three
persons, viz., Aikman, who attends Thurston’s family; James Corbet,
who waits upon Mr Paton; for at that time he was then looking after
Mrs Sarah Paton, who was at your house, and an original emissary
appointed to wait upon yours.
At this I was much surprised, and after a little thinking, I asked
him, And is there really, Cool, an emissary from hell, in whatever
sense you take it, that attends my family?
Cool. You may depend upon it.
Ogil. And what do you think is his business?
Cool. To divert you from your duty, and cause you to do as many ill
things as he can; for much depends on having the minister on their
side.
Upon this I was struck with a sort of terror, which I cannot account
for. In the meantime he said several things I did not understand. But
after coming to my former presence of mind, said—
Ogil. But, Cool, tell me, in earnest, if there be a devil that attends
my family, though invisible.
Cool. Just as sure as you are breathing; but be not so much
dejected upon this information, for I tell you likewise that there is a
good angel who attends you, who is stronger than the other.
Ogil. Are you sure of that, Cool?
Cool. Yes; there is one riding on your right hand, who might as
well have been elsewhere, for I meant you no harm.
Ogil. And how long has he been with me?
Cool. Only since we passed Brand’s Lee, but now he is gone.
Ogil. We are just upon Elenscleugh, and I desire to part with you,
though perhaps I have gained more by conversation than I could
have otherwise done in a twelvemonth. I choose rather to see you
another time, when you’re at leisure, and I wish it were at as great a
distance from Innerwick as you can.
Cool. Be it so, sir; but I hope you will be as obliging to me next re-
encounter, as I have been to you this.
Ogil. I promise you I will, as far as is consistent with my duty to
my Lord and Master Christ Jesus; and since you have obliged me so
much by information, I will answer all the questions you propose, as
far as consists with my knowledge; but I believe you want no
information from me.
Cool. I came not here to be instructed by you, but I want your help
of another kind.
Upon the 5th of April 1722, as I was returning from Old
Hamstocks, Cool came up with me on horseback at the foot of the
ruinous enclosure, before we came to Dod. I told him his last
conversation had proved so acceptable to me, that I was well pleased
to see him again; that there was a number of things that I wanted to
inform myself further of, if he would be so good as satisfy me.
Cool. Last time we met, I refused you nothing you asked; and now
I expect that you shall refuse me nothing that I shall ask.
Ogil. Nothing, sir, that is in my power, or that I can do with safety
to my reputation and character. What, then, are your demands?
Cool. All that I desire of you is, that as you promised that on a
Sabbath-day you would go to my wife, who now possesses all my
effects, and tell her the following particulars—tell her in my name to
rectify these matters:—First, That I was owing justly to Provost
Crosby £50 Scots, and three years’ interest, but on hearing of his
death, my good-brother the Laird of C—l and I forged a discharge,
narrated the bond, the sum, and other particulars, with this
honourable clause, “And at the time it had fallen by, and could not be
found;” with an obligation on the provost’s part to deliver up this
bond as soon as he could hit upon it. And this discharge was dated
three months before the provost’s death. And when his son and
successor, Andrew Crosby, wrote to me concerning this bond, I came
to him and showed him the forged discharge, which silenced him; so
that I got up my bond without more ado. And when I heard of Robert
Kennedy’s death, with the same help of C—l, I got a bill upon him for
£190, of which I got full and complete payment. C—l got the half.
When I was at Dumfries, the same day that Robert Grier died, to
whom I was owing an account of £36, C—l, my good-brother, was
then at London; and not being able of myself, being but a bad writer,
to make out a discharge of the account, which I wanted, I met
accidently with one Robert Boyd, a poor writer lad in Dumfries; I
took him to Mrs Carnock’s, and gave him a bottle of wine, and told
him I had paid Thomas Grier’s account, but had neglected to get a
discharge, and if he would help me to one I would reward him. He
flew away from me in a great passion, saying, he would rather be
hanged; but if I had a mind for these things, I had better wait till C—l
came home. This gave me great trouble, fearing what C—l and I had
done formerly was no secret. I followed Boyd to the street, and made
an apology, saying, I was jesting, commending him for his honesty,
and got his promise never to repeat what had passed. I sent for my
Cousin B—m H—rie, your good-brother, who, with no difficulty, for a
guinea and a half, undertook and performed all that I wanted; and
for a guinea more made me up a discharge for £200 Scots that I was
owing to your father-in-law and his friend Mr Muirhead, which
discharge I gave to John Ewart, when he desired the money; and he,
at my desire, produced it to you, which you sustained.
A great many of the like instances were told, of which I cannot
remember the persons, names, and things; but, says he, what vexes
me more than all these, is the injustice I did Homer Maxwell, tenant
to my Lord Nithsdale, for whom I was factor. I borrowed £2000
from him, £500 of which he borrowed from another hand: I gave
him my bond, and, for reasons I contrived, I obliged him to secrecy.
He died within the year, and left nine children, his wife being dead
before himself. I came to seal up his papers for my lord’s security; his
eldest daughter entreated me to look through them all, and to give
her an account of what was their stock and what was their debt. I
very willingly undertook it; and in going through the papers, I put
my own bond in my pocket. His circumstances proving bad, his nine
children are now starving. These things I desire you to represent to
my wife, and take her brother with you, and let them be immediately
rectified, for she has a sufficient fund to do it upon; and if it were
done, I think I would be easy, and therefore I hope you will make no
delay.
After a short pause, I answered, ’Tis a good errand, Cool, you are
sending me to do justice to the oppressed and injured; but
notwithstanding I see myself come in for £200 Scots, yet I beg a little
time to consider the matter. And since I find you are as much master
of reason now as ever, and more than ever, I will reason upon the
matter in its general view, and then with respect to the expediency of
my being the messenger; and this I will do with all manner of
frankness. From what you have said, I see clearly what your present
condition is, so that I need not ask any more questions on that head;
and you need not bid me take courage, for at this moment I am no
more afraid of you than a new-born child.
Cool. Well, say on.
Ogil. Tell me, then, since such is your ability that you can fly a
thousand miles in the twinkling of an eye, if your desire to do the
oppressed justice be as great as you pretend, what’s the reason you
don’t fly to the coffers of some rich Jew or banker, where are
thousands of gold and silver, invisibly lift, and invisibly return it to
the coffers of the injured? And since your wife has sufficient funds,
and more, why cannot you empty her purse invisibly, to make these
people amends?
Cool. Because I cannot.
Ogil. You have satisfied me entirely upon that head. But pray,
Cool, what is the reason that you cannot go to your wife yourself, and
tell her what you have a mind? I should think this a more sure way to
gain your point.
Cool. Because I will not.
Ogil. That is not an answer to me, Cool.
Cool. That is one of the questions that I told you long ago I would
not answer: but if you go as I desire, I promise to give you full
satisfaction after you have done your business. Trust me for once,
and believe me I will not disappoint you.
Upon the 10th of April 1722, coming from Old Cambus, upon the
post-road, I met with Cool on the head of the heath called the Pees.
He asked me, if I had considered the matter he had recommended? I
told him I had, and was in the same opinion I was in when we
parted; that I would not possibly undertake his commissions, unless
he could give me them in writing under his hand. I told him that the
list of his grievances were so great that I could not possibly
remember them without being put in writing; and that I wanted
nothing but reason to determine me in that, and all other affairs of
my life.
“I know,” says he, “this is a mere evasion: but tell me if the Laird of
Thurston will do it?”
“I am sure,” said I, “he will not; and if he should, I would do all
that I could to hinder him; for I think he has as little to do in these
matters as myself. But tell me, Cool, is it not as easy to write your
story as tell it, or ride on what-do-ye-call-him? for I have forgot your
horse’s name.”
Cool. No, sir, it is not; and perhaps I may convince you of the
reasonableness of it afterwards.
Ogil. I would be glad to hear a reason that is solid for not speaking
to your wife yourself; but, however, any rational creature may see
what a fool I would make of myself, if I would go to Dumfries, and
tell your wife you had appeared to me, and told so many forgeries
and villanies that you had committed, and that she behoved to make
reparation; the consequence might perhaps be, that she would scold
me; for she would be loath to part with any money she possesses, and
therefore tell me I was mad, or possibly pursue me for calumny. How
would I vindicate myself; how could I prove that you ever spoke with
me? Mr Paton and other ministers in Dumfries would tell me the
devil had spoken with me; and why should I repeat these things for
truth which he, that was a liar from the beginning, had told me? C—p
—l and B—r— H—rie would be upon me, and pursue me before the
commissary; everybody would look upon me as brain-sick or mad:
therefore, I entreat you, do not insist upon sending me so ridiculous
an errand. The reasonableness of my demands I leave to your own
consideration, as you did your former to mine. But dropping the
matter till our next interview, give me leave to enter upon some more
diverting subject. I do not know, Cool, but the information you have
given may do as much service to mankind, as the redress of all these
grievances I would amount to. Mr Ogilvie died very soon after.—Old
Chap Book.
ALLAN-A-SOP.

By Sir Walter Scott.

The MacLeans, a bold and hardy race, who, originally followers of
the Lords of the Isles, had assumed independence, seized upon great
part both of the Isle of Mull and the still more valuable island of
Islay, and made war on the MacDonalds with various success. There
is a story belonging to this clan, which I may tell you, as giving
another striking picture of the manners of the Hebrideans.
The chief of the clan, MacLean of Duart, in the Isle of Mull, had an
intrigue with a beautiful young woman of his own clan, who bore a
son to him. In consequence of the child’s being, by some accident,
born on a heap of straw, he received the name of Allan-a-Sop, or
Allan of the Straw, by which he was distinguished from others of his
clan. As his father and mother were not married, Allan was, of
course, a bastard, or natural son, and had no inheritance to look for,
save that which he might win for himself.
But the beauty of the boy’s mother having captivated a man of rank
in the clan, called MacLean of Torloisk, he married her, and took her
to reside with him at his castle of Torloisk, situated on the shores of
the sound, or small strait of the sea, which divides the smaller island
of Ulva from that of Mull. Allan-a-Sop paid his mother frequent visits
at her new residence, and she was naturally glad to see the poor boy,
both from affection, and on account of his personal strength and
beauty, which distinguished him above other youths of his age. But
she was obliged to confer marks of her attachment on him as
privately as she could, for Allan’s visits were by no means so
acceptable to her husband as to herself. Indeed, Torloisk liked so
little to see the lad, that he determined to put some affront on him,
which should prevent his returning to the castle for some time. An
opportunity for executing his purpose soon occurred.
The lady one morning, looking from the window, saw her son
coming wandering down the hill, and hastened to put a girdle cake
upon the fire, that he might have hot bread for breakfast. Something
called her out of the apartment after making this preparation, and
her husband, entering at the same time, saw at once what she had
been about, and determined to give the boy such a reception as
should disgust him for the future. He snatched the cake from the
girdle, thrust it into his stepson’s hands, which he forcibly closed on
the scalding bread, saying, “Here, Allan, here is a cake which your
mother has got ready for your breakfast.” Allan’s hands were severely
burnt; and, being a sharp-witted and proud boy, he resented this
mark of his step-father’s ill-will, and came not again to Torloisk.
At this time the western seas were covered with the vessels of
pirates, who, not unlike the sea-kings of Denmark at an early period,
sometimes settled and made conquests on the islands. Allan-a-Sop
was young, strong, and brave to desperation. He entered as a
mariner on board of one of these ships, and in process of time
obtained the command, first of one galley, then of a small flotilla,
with which he sailed round the seas and collected considerable
plunder, until his name became both feared and famous. At length he
proposed to himself to pay a visit to his mother, whom he had not
seen for many years; and setting sail for this purpose, he anchored
one morning in the sound of Ulva, and in front of the house of
Torloisk. His mother was dead, but his step-father, to whom he was
now as much an object of fear as he had been formerly of aversion,
hastened to the shore to receive his formidable stepson, with great
affectation of kindness and interest in his prosperity; while Allan-a-
Sop, who, though very rough and hasty, does not appear to have been
sullen or vindictive, seemed to take his kind reception in good part.
The crafty old man succeeded so well, as he thought, in securing
Allan’s friendship, and obliterating all recollections of the former
affront put on him, that he began to think it possible to employ his
stepson in executing his own private revenge upon MacQuarrie of
Ulva, with whom, as was usual between such neighbours, he had
some feud. With this purpose, he offered what he called the following
good advice to his stepson:—“My dear Allan, you have now wandered
over the seas long enough: it is time you should have some footing
upon land—a castle to protect yourself in winter, a village and cattle
for your men, and a harbour to lay up your galleys. Now, here is the
island of Ulva, near at hand, which lies ready for your occupation,
and it will cost you no trouble, save that of putting to death the
present proprietor, the Laird of MacQuarrie, a useless old carle, who
has cumbered the world long enough.”
Allan-a-Sop thanked his step-father for so happy a suggestion,
which he declared he would put in execution forthwith. Accordingly,
setting sail the next morning, he appeared before MacQuarrie’s
house an hour before noon. The old chief of Ulva was much alarmed
at the menacing apparition of so many galleys, and his anxiety was
not lessened by the news that they were commanded by the
redoubted Allan-a-Sop. Having no effectual means of resistance,
MacQuarrie, who was a man of shrewd sense, saw no alternative save
that of receiving the invaders, whatever might be their purpose, with
all outward demonstrations of joy and satisfaction; the more
especially as he recollected having taken some occasional notice of
Allan during his early youth, which he now resolved to make the
most of. Accordingly, MacQuarrie caused immediate preparations to
be made for a banquet, as splendid as circumstances admitted,
hastened down to the shore to meet the rover, and welcomed him to
Ulva with such an appearance of sincerity, that the pirate found it
impossible to pick any quarrel, which might afford a pretence for
executing the violent purpose which he had been led to meditate.
They feasted together the whole day; and, in the evening, as Allan-
a-Sop was about to retire to his ships, he thanked the laird for his
hospitality, but remarked, with a sigh, that it had cost him very dear.
“How can that be,” said MacQuarrie, “when I bestowed this
entertainment upon you in free goodwill?”
“It is true, my friend,” replied the pirate, “but then it has quite
disconcerted the purpose for which I came hither; which was to put
you to death, my good friend, and seize upon your house and island,
and so settle myself in the world. It would have been very convenient
for me, this island of Ulva; but your friendly reception has rendered
it impossible for me to execute my purpose, so that I must be a
wanderer on the seas for some time longer.”
Whatever MacQuarrie felt at learning he had been so near to
destruction, he took care to show no emotion save surprise, and
replied to his visitor: “My dear Allan, who was it that put into your
mind so unkind a purpose towards your old friend; for I am sure it
never arose from your own generous nature? It must have been old
Torloisk, who made such an indifferent husband to your mother, and
such an unfriendly step-father to you when you were a helpless boy;
but now, when he sees you a bold and powerful leader, he desires to
make a quarrel betwixt you and those who were the friends of your
youth. If you consider this matter rightly, Allan, you will see that the
estate and harbour of Torloisk lie to the full as conveniently for you
as those of Ulva, and that, if you are disposed (as is very natural) to
make a settlement by force, it is much better it should be at the
expense of the old churl, who never showed you kindness or
countenance, than at that of a friend like me, who always loved and
honoured you.”
Allan-a-Sop was struck with the justice of this reasoning; and the
old offence of his scalded fingers was suddenly recalled to his mind.
“It is very true what you say, MacQuarrie,” he replied, “and, besides,
I have not forgotten what a hot breakfast my step-father treated me
to one morning. Farewell for the present; you shall soon hear news of
me from the other side of the Sound.” Having said thus much, the
pirate got on board, and commanding his men to unmoor the galleys,
sailed back to Torloisk, and prepared to land in arms. MacLean
hastened to meet him, in expectation to hear of the death of his
enemy, MacQuarrie. But Allan greeted him in a very different
manner from what he expected.
“You hoary old traitor,” he said, “you instigated my simple good-
nature to murder a better man than yourself! But have you forgotten
how you scorched my fingers twenty years ago with a burning cake?
The day is come that that breakfast must be paid for.”
So saying, he dashed out the old man’s brains with a battle-axe,
took possession of his castle and property, and established there a
distinguished branch of the clan of MacLean.—From Tales of a
Grandfather.
