Consider external secret storage

kubernetes

Classification: compliance
Framework: cis-kubernetes
Control: 5.4.2

Set up the kubernetes integration.

Description

Consider the use of an external secrets storage and management system, instead of using Kubernetes Secrets directly, if you have more complex secret management needs. Ensure the solution requires authentication to access secrets, has auditing of access to and use of secrets, and encrypts secrets. Some solutions also make it easier to rotate secrets.

Rationale

Kubernetes supports secrets as first-class objects, but you must ensure that access to secrets is carefully limited. Using an external secrets provider can ease the management of access to secrets, especially where secrets are used across both Kubernetes and non-Kubernetes environments.

Audit

Review your secrets management implementation.
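
One way to carry out this review, as an added example that is not part of the CIS benchmark or this page: the script below takes the output of `kubectl get secrets -A -o json` and lists application Secrets that are not reconciled from an external store. It assumes the conventions of two common tools (an ownerReference of kind ExternalSecret for the External Secrets Operator, and the `secrets-store.csi.k8s.io/managed` label for the Secrets Store CSI driver); the sample cluster data is constructed.

```python
import json
from typing import Any

# Secret types that Kubernetes or common tooling manage themselves; they are
# not application secrets and are skipped in this review.
KUBE_MANAGED_TYPES = {"kubernetes.io/service-account-token", "helm.sh/release.v1"}
# Owner kinds set on Secrets synced by the External Secrets Operator (assumed convention).
EXTERNAL_OWNER_KINDS = {"ExternalSecret", "PushSecret"}
# Label the Secrets Store CSI driver puts on Secrets it syncs (assumed convention).
CSI_MANAGED_LABEL = "secrets-store.csi.k8s.io/managed"


def is_externally_managed(secret: dict[str, Any]) -> bool:
    """True if the Secret is reconciled from an external store rather than hand-created."""
    meta = secret.get("metadata", {})
    owners = meta.get("ownerReferences") or []
    if any(ref.get("kind") in EXTERNAL_OWNER_KINDS for ref in owners):
        return True
    return (meta.get("labels") or {}).get(CSI_MANAGED_LABEL) == "true"


def find_native_secrets(secret_list: dict[str, Any]) -> list[str]:
    """Return 'namespace/name' for each application Secret stored only in Kubernetes."""
    findings = []
    for item in secret_list.get("items", []):
        if item.get("type") in KUBE_MANAGED_TYPES or is_externally_managed(item):
            continue
        meta = item["metadata"]
        findings.append(f"{meta['namespace']}/{meta['name']}")
    return sorted(findings)


# Constructed sample shaped like `kubectl get secrets -A -o json`; not real cluster data.
SAMPLE = json.loads("""{"items": [
 {"type": "Opaque", "metadata": {"namespace": "app", "name": "db-creds"}},
 {"type": "Opaque", "metadata": {"namespace": "app", "name": "api-key",
   "ownerReferences": [{"kind": "ExternalSecret", "name": "api-key"}]}},
 {"type": "kubernetes.io/tls", "metadata": {"namespace": "payments", "name": "gateway-tls",
   "labels": {"secrets-store.csi.k8s.io/managed": "true"}}},
 {"type": "kubernetes.io/service-account-token",
  "metadata": {"namespace": "kube-system", "name": "default-token-abc12"}}
]}""")

if __name__ == "__main__":
    # Each line reported is a Secret whose lifecycle, auditing and rotation
    # depend on Kubernetes alone and should be reviewed against this control.
    for ref in find_native_secrets(SAMPLE):
        print(f"native Kubernetes Secret (no external store): {ref}")
```

To run it against a live cluster, replace SAMPLE with `json.load(sys.stdin)` and pipe in the kubectl output.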

Remediation

Refer to the secrets management options offered by your cloud provider or a third-party secrets management solution.

Impact

None

Default value

By default, no external secret management is configured.

References

None

CIS controls

Version 7, 14.8 Encrypt Sensitive Information at Rest - Encrypt all sensitive information at rest using a tool that requires a secondary authentication mechanism not integrated into the operating system, to access the information.