Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Limit Access to Kubernetes Secrets
An XCCDF Rule
Medium Severity
The Kubernetes API stores secrets, which may be service account tokens for the Kubernetes API or credentials used by workloads in the cluster. Access to these secrets should be restricted to the smallest possible group of users to reduce the risk of privilege escalation. To restrict users from secrets, remove `get`, `list`, and `watch` access to secret objects in the cluster from unauthorized users.
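
An added example, not part of the rule text or the guide: a Python audit that lists which subjects are bound to roles granting `get`, `list`, or `watch` on secrets (wildcard grants included), so the bindings to review can be identified. It assumes the input is a list of Role, ClusterRole, RoleBinding and ClusterRoleBinding objects exported from the cluster as JSON; the function names and the `SAMPLE` objects are constructed for illustration.

```python
SECRET_READ_VERBS = {"get", "list", "watch"}

def rule_secret_verbs(rule):
    """Return the get/list/watch verbs one RBAC rule grants on core-group secrets."""
    if not {"", "*"} & set(rule.get("apiGroups", [])):
        return set()
    if not {"secrets", "*"} & set(rule.get("resources", [])):
        return set()
    verbs = set(rule.get("verbs", []))
    return set(SECRET_READ_VERBS) if "*" in verbs else verbs & SECRET_READ_VERBS

def secret_readers(objects):
    """List (subject kind, subject, scope, role, verbs) for each binding to a secret-reading role."""
    granted = {}
    for obj in objects:
        if obj["kind"] in ("Role", "ClusterRole"):
            key = (obj["kind"], obj["metadata"].get("namespace"), obj["metadata"]["name"])
            granted[key] = set().union(*map(rule_secret_verbs, obj.get("rules") or []))
    findings = []
    for obj in objects:
        if obj["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref, ns = obj["roleRef"], obj["metadata"].get("namespace")
        # A RoleBinding may reference a ClusterRole; the grant is then limited to its namespace.
        verbs = granted.get((ref["kind"], ns if ref["kind"] == "Role" else None, ref["name"]))
        if not verbs:
            continue
        scope = "cluster-wide" if obj["kind"] == "ClusterRoleBinding" else ns
        for subj in obj.get("subjects") or []:
            findings.append((subj["kind"], subj["name"], scope, ref["name"], sorted(verbs)))
    return sorted(findings)

def _role(kind, name, groups, resources, verbs, ns=None):
    return {"kind": kind, "metadata": {"name": name, "namespace": ns},
            "rules": [{"apiGroups": groups, "resources": resources, "verbs": verbs}]}

def _binding(kind, ref_kind, ref_name, subj_kind, subj_name, ns=None):
    return {"kind": kind, "metadata": {"name": f"{subj_name}-{ref_name}", "namespace": ns},
            "roleRef": {"kind": ref_kind, "name": ref_name},
            "subjects": [{"kind": subj_kind, "name": subj_name}]}

SAMPLE = [  # constructed objects, not taken from a real cluster
    _role("ClusterRole", "secret-reader", [""], ["secrets"], ["get", "list"]),
    _role("ClusterRole", "wide-open", ["*"], ["*"], ["*"]),
    _role("Role", "cm-view", [""], ["configmaps"], ["get"], ns="app"),
    _binding("RoleBinding", "ClusterRole", "secret-reader", "User", "alice", ns="app"),
    _binding("ClusterRoleBinding", "ClusterRole", "wide-open", "Group", "devs"),
    _binding("RoleBinding", "Role", "cm-view", "ServiceAccount", "builder", ns="app"),
]
```

Calling `secret_readers(SAMPLE)` reports the `devs` group (cluster-wide, through the wildcard role) and `alice` (in namespace `app`), and omits the ConfigMap-only binding. A rule scoped with `resourceNames` is still reported, since it grants read access to at least the named secrets.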