GKE cluster is not using Cloud KMS Key for database encryption - Complete Cloud Security in Minutes - Orca Security

Vendor services misconfigurations

GKE cluster is not using Cloud KMS Key for database encryption

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Description

When Using Application-layer Secrets Encryption you can use a key that you manage in Cloud KMS, to encrypt data at the application layer. This protects against attackers in the event that they manage to gain access to the etcd database of {GcpGkeCluster}. It was detected that {GcpGkeCluster} is not using Application-layer Secrets Encryption in it's etcd database.

Recommended Mitigation

Encrypt Kubernetes secrets at the application-layer using a customer-managed key in Cloud KMS. For more info: https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets

See Orca in action

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.