1.1.35 Ensure that the encryption provider is set to aescbc

Information

Use the 'aescbc' encryption provider.

Rationale:

'aescbc' is currently the strongest encryption provider. It should be preferred over other providers.

Solution

Follow the Kubernetes documentation and configure an 'EncryptionConfig' file. In this file, choose 'aescbc' as the encryption provider.

For example,

'kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
    - secrets
    providers:
    - aescbc:
        keys:
        - name: key1
          secret:'
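
One way to audit a file like the one above is sketched below. It is an added example, not part of the benchmark or of Kubernetes. It assumes the configuration is supplied as JSON (which is also valid YAML) so that only the standard library is needed, and it assumes a 32-byte key as the Kubernetes documentation's key-generation step produces. The function name and the sample key are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed sample: the page's EncryptionConfig written as JSON, with a
# constructed all-zero placeholder key and an identity fallback for reads.
SAMPLE_CONFIG = json.dumps({
    "kind": "EncryptionConfig",
    "apiVersion": "v1",
    "resources": [{
        "resources": ["secrets"],
        "providers": [
            {"aescbc": {"keys": [{"name": "key1",
                                  "secret": base64.b64encode(bytes(32)).decode()}]}},
            {"identity": {}},
        ],
    }],
})


def audit_encryption_config(text, resource="secrets"):
    """Return a list of findings; an empty list means the check passes."""
    findings = []
    config = json.loads(text)
    covering = [r for r in config.get("resources") or []
                if resource in (r.get("resources") or [])]
    if not covering:
        return [f"no providers configured for {resource}"]
    for entry in covering:
        providers = entry.get("providers") or []
        # Only the first listed provider is used to encrypt on write.
        first = next(iter(providers[0]), None) if providers else None
        if first != "aescbc":
            findings.append(f"first provider is {first!r}, expected 'aescbc'")
            continue
        keys = (providers[0]["aescbc"] or {}).get("keys") or []
        if not keys:
            findings.append("aescbc has no keys")
        for key in keys:
            try:
                raw = base64.b64decode(key.get("secret") or "", validate=True)
            except (binascii.Error, ValueError):
                raw = b""
            if len(raw) != 32:  # assumption: 32-byte key, per the Kubernetes docs
                findings.append(f"key {key.get('name')!r} is not 32 bytes of base64")
    return findings
```

Run against the example as printed on this page, where 'secret:' has no value, the function reports that key1 is not 32 bytes of base64.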

Impact:

None

See Also

https://workbench.cisecurity.org/files/2125