C-0208 - Consider external secret storage

Prerequisites

Run Kubescape with host sensor (see here)

Framework

cis-aks-t1.2.0, cis-v1.23-t1.0.1

Severity

Medium

Description of the the issue

Kubernetes supports secrets as first-class objects, but care needs to be taken to ensure that access to secrets is carefully limited. Using an external secrets provider can ease the management of access to secrets, especially where secrets are used across both Kubernetes and non-Kubernetes environments.

Related resources

What does this control test

Checking encryption configuration to see if secrets are managed externally by kms using aws, azure, or akeyless vault

How to check it manually

Review your secrets management implementation.

Remediation

Refer to the secrets management options offered by your cloud provider or a third-party secrets management solution.

Impact Statement

None

Default Value

By default, no external secret management is configured.

Example

No example