MANUAL MAN3: Secrets Management P3

Pending

Overview

These checks require reviewing how secrets are stored and consumed. They recommend using external secret management and avoiding environment variables for sensitive data.

Profile: CIS, NIST 800-53 Moderate, PCI-DSS

Type: Manual — these checks require human review and cannot be automated via MachineConfig or CRD.

Checks Requiring Manual Action

secrets-consider-external-storage

Severity: MEDIUM

Why this fails: Consider external secret storage

Consider the use of an external secrets storage and management system, instead of using Kubernetes Secrets directly, if you have more complex secret management needs. Ensure the solution requires authentication to access secrets, has auditing of access to and use of secrets, and encrypts secrets. Some solutions also make it easier to rotate secrets.

secrets-no-environment-variables

Severity: MEDIUM

Why this fails: Do Not Use Environment Variables with Secrets

Secrets should be mounted as data volumes instead of environment variables.

← MAN2 All Groups MAN4 →
Legend
Status
🔵 In Progress
🟡 Pending
On Hold
🟢 Complete
Severity
HIGH
MEDIUM
LOW
MANUAL

Keyboard Shortcuts

Navigation
j / Next row
k / Previous row
Enter Open selected / Expand details
Esc Clear selection / Close modal
Actions
/ Focus search
d Toggle dark mode
? Show this help
g h Go to home
Filters
1 Show all
2 Pending only
3 In Progress only
4 Complete only