Do Not Use Environment Variables with Secrets

An XCCDF Rule

Details
Profiles
Prose

Description

Secrets should be mounted as data volumes instead of environment variables.

Rationale

Environment variables are subject and very susceptible to malicious hijacking methods by an adversary, as such, environment variables should never be used for secrets.

ID: xccdf_org.ssgproject.content_rule_secrets_no_environment_variables
Severity: Medium
References: CIP-003-8 R6 CIP-004-6 R3 CIP-007-3 R6.1

CM-6 CM-6(1)

Req-2.2

SRG-APP-000516-CTR-001325

5.4.1
Updated: about 1 year ago