C-0066 - Secret/ETCD encryption enabled
Secret/ETCD encryption enabled
Note: this control relevant for cloud managed Kubernetes cluster
ArmoBest, cis-eks-t1.2.0, NSA, MITRE, AllControls
Description of the the issue
etcd is a consistent and highly-available key value store used as Kubernetes' backing store for all cluster data. All object data in Kubernetes, like secrets, are stored there. This is the reason why it is important to protect the contents of etcd and use its data encryption feature.
What does this control test
Reading the cluster description from the managed cloud API (EKS, GKE), or the API server pod configuration for native K8s and checking if etcd encryption is enabled
Turn on the etcd encryption in your cluster, for more see the vendor documentation.
Updated 2 days ago