1.1.35 Ensure that the encryption provider is set to aescbc

Information

Use 'aescbc' encryption provider.

Rationale:

'aescbc' is currently the strongest encryption provider, It should be preferred over other providers.

Solution

Follow the Kubernetes documentation and configure a 'EncryptionConfig' file. In this file, choose 'aescbc' as the encryption provider.

For example,

kind: EncryptionConfig
apiVersion: v1
resources:
- resources:
- secrets
providers:
- aescbc:
keys:
- name: key1
secret:

See Also

https://workbench.cisecurity.org/files/2421

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-28, CSCv6|14.5, CSCv7|14.8

Plugin: Unix

Control ID: c7d0061a0575244bf4a79afef894df7bf966993d59adba0ac36d662be0971353