Vendor services misconfigurations

EKS Cluster secrets are not encrypted

Risk Level

Informational (4)

Description

Kubernetes can store secrets that pods access through a mounted volume. By default, Kubernetes secrets are stored Base64-encoded, which is an encoding and not encryption, so encrypting them is the recommended approach. Amazon EKS clusters version 1.13 and higher support encrypting Kubernetes secrets with AWS Key Management Service (KMS) by enabling encryption provider support during EKS cluster creation. Orca has detected that the cluster {AwsEksCluster} does not use encryption for its secrets.
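One way to check for this condition yourself, as an added example (not Orca's detection logic): the script below inspects the `encryptionConfig` field of `aws eks describe-cluster` output and also shows that a Base64-encoded secret value decodes without any key. The cluster names, key ARN and secret value are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

# Constructed samples: trimmed shape of `aws eks describe-cluster` output.
# Cluster names and the key ARN are placeholders, not real resources.
UNENCRYPTED = json.loads("""
{"cluster": {"name": "example-plain", "version": "1.29"}}
""")
ENCRYPTED = json.loads("""
{"cluster": {"name": "example-kms", "version": "1.29",
  "encryptionConfig": [
    {"resources": ["secrets"],
     "provider": {"keyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}}
  ]}}
""")


def secrets_kms_key(description):
    """Return the KMS key ARN protecting secrets, or None if not encrypted."""
    cluster = description.get("cluster", {})
    # encryptionConfig is absent (or empty) when envelope encryption is off.
    for entry in cluster.get("encryptionConfig") or []:
        key_arn = (entry.get("provider") or {}).get("keyArn")
        if "secrets" in entry.get("resources", []) and key_arn:
            return key_arn
    return None


def audit(description):
    """Produce a one-line finding for a cluster description."""
    name = description.get("cluster", {}).get("name", "<unknown>")
    key = secrets_kms_key(description)
    if key is None:
        return f"FAIL {name}: secrets are not encrypted with KMS"
    return f"PASS {name}: secrets encrypted with {key}"


def decode_secret_value(encoded):
    """Base64 is reversible without any key, so it offers no confidentiality."""
    return base64.b64decode(encoded).decode("utf-8")


if __name__ == "__main__":
    for desc in (UNENCRYPTED, ENCRYPTED):
        print(audit(desc))
    # Constructed value as it would appear under `data:` in a Secret manifest.
    print(decode_secret_value("czNjcjN0LXBhc3N3b3Jk"))
```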