Docker Secrets must be used to store configuration files and small amounts of user-generated data (up to 500 kb in size) in Docker Enterprise.

An XCCDF Rule

Description

When Docker Secrets or Kubernetes secrets are used to store configuration files and small amounts of user-generated data (up to 500 kb in size), the data is encrypted at rest by the Engine's FIPS-validated cryptography.

ID: SV-235826r627605_rule
Version: DKER-EE-002660
Severity: Medium
Remediation Templates

A Manual Procedure

For all containerized applications that leverage configuration files and/or small amounts of user-generated data, store that data in Docker Secrets.

All secrets should be created and managed using a UCP client bundle.

A reference for the use of Docker Secrets can be found at https://docs.docker.com/engine/swarm/secrets/.
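
One way to find services that still need this remediation, as an added example that is not part of the STIG or of Docker's tooling: it reads `docker service inspect` JSON and reports configuration files delivered by bind mount instead of as a secret. The sample data, the suffix list and the reading of "500 kb" as 500 * 1024 bytes are assumptions.

```python
import json
from pathlib import PurePosixPath

# Assumption: the rule's "500 kb" is read here as 500 * 1024 bytes.
MAX_SECRET_BYTES = 500 * 1024
# Assumption: file suffixes this audit treats as configuration files.
CONFIG_SUFFIXES = {".conf", ".cnf", ".cfg", ".ini", ".json", ".yml", ".yaml"}

# Constructed sample in the shape printed by `docker service inspect`.
SAMPLE_INSPECT = json.dumps([
    {"Spec": {"Name": "web", "TaskTemplate": {"ContainerSpec": {
        "Image": "example/web:1",
        "Secrets": [{"SecretName": "nginx_conf",
                     "File": {"Name": "nginx.conf", "Mode": 292}}]}}}},
    {"Spec": {"Name": "api", "TaskTemplate": {"ContainerSpec": {
        "Image": "example/api:1",
        "Mounts": [
            {"Type": "bind", "Source": "/opt/api/app.yml",
             "Target": "/etc/api/app.yml"},
            {"Type": "volume", "Source": "api_data", "Target": "/data"}]}}}},
])


def audit_services(inspect_json):
    """Return bind-mounted config files that should be Docker Secrets."""
    findings = []
    for svc in json.loads(inspect_json):
        spec = svc.get("Spec", {})
        cspec = spec.get("TaskTemplate", {}).get("ContainerSpec", {})
        secrets = [s.get("SecretName") for s in cspec.get("Secrets") or []]
        for mount in cspec.get("Mounts") or []:
            source = mount.get("Source", "")
            is_config = PurePosixPath(source).suffix.lower() in CONFIG_SUFFIXES
            if mount.get("Type") == "bind" and is_config:
                findings.append({"service": spec.get("Name"),
                                 "source": source,
                                 "target": mount.get("Target"),
                                 "attached_secrets": secrets})
    return findings


def fits_in_secret(data: bytes) -> bool:
    """True when the payload is within the size the rule allows."""
    return len(data) <= MAX_SECRET_BYTES


if __name__ == "__main__":
    for finding in audit_services(SAMPLE_INSPECT):
        print(finding)
```

Against a live cluster, the input would be the output of `docker service inspect` for each service, run from a shell with the UCP client bundle loaded.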