C-0208 - Consider external secret storage
Prerequisites
Run Kubescape with host sensor (see here)
Framework
cis-v1.23-t1.0.1, cis-aks-t1.2.0
Severity
Medium
Description of the the issue
Kubernetes supports secrets as first-class objects, but care needs to be taken to ensure that access to secrets is carefully limited. Using an external secrets provider can ease the management of access to secrets, especially where secrets are used across both Kubernetes and non-Kubernetes environments.
Related resources
What does this control test
Checking encryption configuration to see if secrets are managed externally by kms using aws, azure, or akeyless vault
How to check it manually
Review your secrets management implementation.
Remediation
Refer to the secrets management options offered by your cloud provider or a third-party secrets management solution.
Impact Statement
None
Default Value
By default, no external secret management is configured.
Example
No example
Updated 11 days ago