💼 [EKS.3] EKS clusters should use encrypted Kubernetes secrets
- ID: /frameworks/aws-fsbp-v1.0.0/eks/03
Description
When you encrypt secrets, you can use AWS Key Management Service (AWS KMS) keys to provide envelope encryption of Kubernetes secrets stored in etcd for your cluster. This encryption is in addition to the EBS volume encryption that is enabled by default for all data (including secrets) that is stored in etcd as part of an EKS cluster. Using secrets encryption for your EKS cluster allows you to deploy a defense in depth strategy for Kubernetes applications by encrypting Kubernetes secrets with a KMS key that you define and manage.
Similar
- AWS Security Hub
- Internal
- ID: dec-c-125e3031
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-8 Transmission Confidentiality and Integrity | 5 | 8 | 25 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-12 Cryptographic Key Establishment and Management | 6 | 1 | 14 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-13 Cryptographic Protection | 4 | 32 | no data | | |
| 💼 PCI DSS v4.0.1 → 💼 8.3.2 Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components. | 14 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|