Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Kubernetes Secrets Management
An XCCDF Group - A logical subset of the XCCDF Benchmark
2 Rules
Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys. Such information might otherwise be put in a Pod specification or in an image.
Consider external secret storage
Medium Severity
Consider the use of an external secrets storage and management system, instead of using Kubernetes Secrets directly, if you have more complex secret management needs. Ensure the solution requires authentication to access secrets, has auditing of access to and use of secrets, and encrypts secrets. Some solutions also make it easier to rotate secrets.
Do Not Use Environment Variables with Secrets
Medium Severity
Secrets should be mounted as data volumes instead of environment variables.