Use managed secret store
Info
ID: MS-M9022
MITRE mitigation: M1029
Use cloud secret store, such as Azure Key Vault, to securely store secrets that are used by the workloads in the cluster. This allows cloud-level management of the secret which includes permission management, expiration management, secret rotation, auditing, etc. The integration of cloud secret stores with Kubernetes is done by using Secrets Store CSI Driver, which is implemented by all major cloud providers.
Techniques Addressed by Mitigation
| ID | Name | Use |
|---|---|---|
| MS-TA9025 | List Kubernetes secrets | Use cloud provider secret store to securely manage credentials in the cluster |
| MS-TA9027 | Application credentials in configuration files | Store secrets securely in managed secret stores |