Encryption provider not properly configured

Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Encryption provider not properly configured

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

Id: 10efce34-5af6-4d83-b414-9e096d5a06a9

Cloud Provider: Kubernetes

Platform: Kubernetes

Severity: Medium

Category: Encryption

Learn More

Provider Reference

Description

The EncryptionConfiguration must include at least one provider: aescbc, kms, or secretbox. This rule inspects EncryptionConfiguration documents and checks the providers entries in each resource to find one of these provider names. If none of the expected providers is present, the rule reports a MissingAttribute issue and records the expected and actual values. The check iterates the resource’s resources elements and validates provider keys.

Compliant Code Examples

apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - identity: {}
      - aesgcm:
          keys:
            - name: key1
              secret: c2VjcmV0IGlzIHNlY3VyZQ==
            - name: key2
              secret: dGhpcyBpcyBwYXNzd29yZA==
      - aescbc:
          keys:
            - name: key1
              secret: c2VjcmV0IGlzIHNlY3VyZQ==
            - name: key2
              secret: dGhpcyBpcyBwYXNzd29yZA==
      - secretbox:
          keys:
            - name: key1
              secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=

Non-Compliant Code Examples

apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - identity: {}
      - aesgcm:
          keys:
            - name: key1
              secret: c2VjcmV0IGlzIHNlY3VyZQ==
            - name: key2
              secret: dGhpcyBpcyBwYXNzd29yZA==