Encryption Provider Not Properly Configured
- Query id: 10efce34-5af6-4d83-b414-9e096d5a06a9
- Query name: Encryption Provider Not Properly Configured
- Platform: Kubernetes
- Severity: Medium
- Category: Encryption
- URL: Github
Description¶
The EncryptionConfiguration should be configured to have at least one 'aescbc', 'kms' or 'secretbox' provider
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
- resources:
- secrets
providers:
- identity: {}
- aesgcm:
keys:
- name: key1
secret: c2VjcmV0IGlzIHNlY3VyZQ==
- name: key2
secret: dGhpcyBpcyBwYXNzd29yZA==
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
- resources:
- secrets
providers:
- identity: {}
- aesgcm:
keys:
- name: key1
secret: c2VjcmV0IGlzIHNlY3VyZQ==
- name: key2
secret: dGhpcyBpcyBwYXNzd29yZA==
- aescbc:
keys:
- name: key1
secret: c2VjcmV0IGlzIHNlY3VyZQ==
- name: key2
secret: dGhpcyBpcyBwYXNzd29yZA==
- secretbox:
keys:
- name: key1
secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=