1.2.30 Ensure that encryption providers are appropriately configured

Information

Where etcd encryption is used, appropriate providers should be configured.

Rationale:

Where etcd encryption is used, it is important to ensure that the appropriate set of encryption providers is used. Currently, the aescbc, kms and secretbox are likely to be appropriate options.

Impact:

None

Solution

Follow the Kubernetes documentation and configure a EncryptionConfig file. In this file, choose aescbc, kms or secretbox as the encryption provider.

Default Value:

By default, no encryption provider is set.

See Also

https://workbench.cisecurity.org/files/4111

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-5(1), 800-53|SC-28, 800-53|SC-28(1), CSCv7|14.8

Plugin: Unix

Control ID: 4b879ecd368636db96a9497a84c8e5199b90432395cca76df97ae017407a7ff4