Google > Kubernetes >

Cluster Encryption Enabled

HIGH

Source

CloudSploit

cluster-encryption-enabled

management console

Cluster Encryption Enabled

Ensure that GKE clusters have KMS encryption enabled to encrypt application-layer secrets.

Application-layer secrets encryption adds additional security layer to sensitive data such as Kubernetes secrets stored in etcd.

Recommended Actions

Ensure that all GKE clusters have the desired application-layer secrets encryption level.

Links

https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.