Docker Secrets must be used to store configuration files and small amounts of user-generated data (up to 500 kb in size) in Docker Enterprise.

An XCCDF Rule

Description

<VulnDiscussion>By leveraging Docker Secrets or Kubernetes secrets to store configuration files and small amounts of user-generated data (up to 500 kb in size), the data is encrypted at rest by the Engine's FIPS-validated cryptography.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-235826r627605_rule
Severity: Medium
References: CCI-001199
Updated: about 1 year ago

For all containerized applications that leverage configuration files and/or small amounts of user-generated data, store that data in Docker Secrets.

All secrets should be created and managed using a UCP client bundle.

A reference for the use of docker secrets can be found at https://docs.docker.com/engine/swarm/secrets/.

Docker Secrets must be used to store configuration files and small amounts of user-generated data (up to 500 kb in size) in Docker Enterprise.

Description

Remediation - Manual Procedure