TF 0225 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# EKS should have the encryption of secrets enabled
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | eks |
| Provider | AWS |
| Vulnerability Type | omission |
## Description
The EKS cluster is configured without enabling encryption for Kubernetes secrets using a customer-managed KMS key. This leaves sensitive data stored as secrets in the cluster unprotected at rest.
## Impact
If secret encryption is not enabled, anyone who gains unauthorized access to the underlying storage or etcd can read sensitive secrets in plaintext, potentially exposing credentials, API keys, or other confidential information and leading to data breaches or privilege escalation.
## Resolution
Enable encryption of Kubernetes secrets in the EKS cluster using a customer-managed KMS key.
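The following Terraform is an added example, not code from the Symbiotic-Vulnerability-Database project: it places the misconfiguration described above next to its corrected form. The `aws_eks_cluster` configuration on the left lacks any `encryption_config`, so secrets in etcd are not envelope-encrypted with a customer-managed key; the second cluster adds the block that closes the finding. The resource names, the `aws_iam_role.eks_cluster` reference, the `var.subnet_ids` input and the KMS key are placeholders assumed for illustration.

```hcl
# Added example (not part of the original wiki page). Resource names, the IAM
# role and the subnet variable are assumed placeholders.

# Vulnerable: no encryption_config block. Kubernetes secrets are stored in the
# control plane's etcd without envelope encryption under a customer-managed key,
# which is what rule TF 0225 flags.
resource "aws_eks_cluster" "insecure" {
  name     = "example-insecure"
  role_arn = aws_iam_role.eks_cluster.arn # assumed to be defined elsewhere

  vpc_config {
    subnet_ids = var.subnet_ids # assumed input variable
  }
}

# Customer-managed KMS key dedicated to EKS secret encryption. Key rotation is
# enabled so the backing key material is rotated automatically.
resource "aws_kms_key" "eks_secrets" {
  description             = "Envelope encryption of Kubernetes secrets for EKS"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# Fixed: encryption_config turns on envelope encryption of the "secrets"
# resource type with the customer-managed key above.
resource "aws_eks_cluster" "secure" {
  name     = "example-secure"
  role_arn = aws_iam_role.eks_cluster.arn

  vpc_config {
    subnet_ids = var.subnet_ids
  }

  encryption_config {
    provider {
      key_arn = aws_kms_key.eks_secrets.arn
    }
    resources = ["secrets"]
  }
}
```

Two operational caveats are worth knowing when applying this fix. First, the cluster's IAM role must be permitted to use the key (through the key policy or an attached IAM policy), otherwise cluster creation or the encryption update fails. Second, enabling encryption on an existing cluster is a one-way change and only affects secrets written afterwards; secrets that already exist stay in their old form until they are rewritten, so after enabling it, re-save existing secrets (for example with `kubectl get secrets --all-namespaces -o json | kubectl replace -f -`). To verify the setting on a running cluster, `aws eks describe-cluster --name <cluster-name> --query cluster.encryptionConfig` should return the key ARN and the `secrets` resource rather than an empty result.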