💼 [EKS.3] EKS clusters should use encrypted Kubernetes secrets

  • ID: /frameworks/aws-fsbp-v1.0.0/eks/03

Description

When you encrypt secrets, you can use AWS Key Management Service (AWS KMS) keys to provide envelope encryption of Kubernetes secrets stored in etcd for your cluster. This encryption is in addition to the EBS volume encryption that is enabled by default for all data (including secrets) that is stored in etcd as part of an EKS cluster. Using secrets encryption for your EKS cluster allows you to deploy a defense in depth strategy for Kubernetes applications by encrypting Kubernetes secrets with a KMS key that you define and manage.
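As an added example (not code from the framework page or from AWS), the check behind this control can be evaluated from the `cluster` object that `aws eks describe-cluster` returns: the cluster passes only when an `encryptionConfig` entry covers the `secrets` resource and names a KMS key ARN. The cluster objects below are constructed samples with placeholder account and key IDs; `fetch_cluster` is a hypothetical helper that needs boto3 and credentials.

```python
"""Evaluate EKS.3 (Kubernetes secrets encrypted with a KMS key) from a DescribeCluster response."""


def encrypted_secret_key_arns(cluster):
    """Return the KMS key ARNs that provide envelope encryption for Kubernetes secrets.

    The shape follows the EKS DescribeCluster API: cluster["encryptionConfig"] is a list of
    {"resources": [...], "provider": {"keyArn": "..."}} entries. Only entries that cover the
    "secrets" resource and carry a key ARN count; a missing or empty list means etcd data is
    protected by the default EBS volume encryption alone.
    """
    arns = []
    for entry in cluster.get("encryptionConfig") or []:
        if "secrets" not in (entry.get("resources") or []):
            continue
        key_arn = (entry.get("provider") or {}).get("keyArn")
        if key_arn:
            arns.append(key_arn)
    return arns


def evaluate_eks3(cluster):
    """Return the Security Hub style finding status for one cluster."""
    return "PASSED" if encrypted_secret_key_arns(cluster) else "FAILED"


def fetch_cluster(name, region=None):
    """Hypothetical helper (assumption): load the cluster object with boto3 for a live check."""
    import boto3  # imported lazily so the rest of the module runs without AWS access

    return boto3.client("eks", region_name=region).describe_cluster(name=name)["cluster"]


# Constructed sample responses; the account ID and key ID are placeholders, not real values.
ENCRYPTED_CLUSTER = {
    "name": "prod",
    "encryptionConfig": [
        {
            "resources": ["secrets"],
            "provider": {"keyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        }
    ],
}
UNENCRYPTED_CLUSTER = {"name": "dev"}  # no encryptionConfig at all


if __name__ == "__main__":
    for cluster in (ENCRYPTED_CLUSTER, UNENCRYPTED_CLUSTER):
        print(cluster["name"], evaluate_eks3(cluster), encrypted_secret_key_arns(cluster))
```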

Similar

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST SP 800-53 Revision 5 → 💼 SC-8 Transmission Confidentiality and Integrity5816no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-12 Cryptographic Key Establishment and Management617no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection413no data
💼 PCI DSS v4.0.1 → 💼 8.3.2 Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components.14no data

Sub Sections