Best practices

K8S API server configuration –encryption-provider-config is not set

Risk Level

Informational (4)

Platform(s)
  • N/A

Description

etcd is a highly available key-value store used by Kubernetes deployments for persistent storage of all of its REST API objects. These objects are sensitive in nature and should be encrypted at rest to avoid any disclosures. Orca has detected that the '--encryption-provider-config' parameter is not set.
  • Recommended Mitigation

    It is recommended to set the '--encryption-provider-config' parameter in the configuration file to a valid file.