This control checks if workloads specifications have sensitive information in their environment variables.Note, this control is configurable. See below the details.
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
Check if the workload has sensitive information in environment variables, by using list of known sensitive key names.
Use Kubernetes secrets or Key Management Systems to store credentials.
This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.
Strings that identify a value that Kubescape believes should be stored in a Secret, and not in a ConfigMap or an environment variable.
Reduce false positives with known values.
Key names that identify a potential value that should be stored in a Secret, and not in a ConfigMap or an environment variable.
Reduce false positives with known key names.
Updated 3 days ago