The GKE cluster should be encrypted using customer-managed keys in KMS

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Kubernetes secrets, stored in etcd, at the application layer should be encrypted using a customer-managed key in Cloud KMS. Encrypting the application layer this way ensures that sensitive data is safeguarded properly if etcd becomes compromised by an attacker.

Remediation

Follow the steps in Google Cloud’s Enable application-layer secrets encryption documentation.