💼 [EKS.3] EKS clusters should use encrypted Kubernetes secrets

  • Contextual name: 💼 [EKS.3] EKS clusters should use encrypted Kubernetes secrets
  • ID: /frameworks/aws-fsbp-v1.0.0/eks/03
  • Located in: 💼 Elastic Kubernetes Service (EKS)

Description

When you encrypt secrets, you can use AWS Key Management Service (AWS KMS) keys to provide envelope encryption of the Kubernetes secrets stored in etcd for your cluster. This encryption is in addition to the EBS volume encryption that is enabled by default for all data (including secrets) stored in etcd as part of an EKS cluster. Secrets encryption lets you apply a defense-in-depth strategy to Kubernetes applications by encrypting Kubernetes secrets with a KMS key that you define and manage.

Similar

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST SP 800-53 Revision 5 → 💼 SC-8 Transmission Confidentiality and Integrity5810
💼 NIST SP 800-53 Revision 5 → 💼 SC-12 Cryptographic Key Establishment and Management613
💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection46
💼 PCI DSS v4.0.1 → 💼 8.3.2 Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components.
