1.1.35 Ensure that the encryption provider is set to aescbc

Information

Use `aescbc` encryption provider.

Rationale:

`aescbc` is currently the strongest encryption provider, It should be preferred over other providers.

Solution

Follow the Kubernetes documentation and configure a `EncryptionConfig` file. In this file, choose `aescbc` as the encryption provider. For example,

kind: EncryptionConfig
apiVersion: v1
resources:
- resources:
- secrets
providers:
- aescbc:
keys:
- name: key1
secret:

Impact:

None

See Also

https://workbench.cisecurity.org/files/1738