Skip to content

Kubernetes Secret

Service Name: Kubernetes

Service Description: Kubernetes is an open-source container orchestration platform for automating deployment, scaling, and management of containerized applications. Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys.

Service Address: https://kubernetes.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be implemented using Kubernetes Network Policies or service mesh solutions like Istio.

Secret Access Scope: Grants access to sensitive information within a Kubernetes cluster, which can be mounted as files in pods or used as environment variables.

Secret Revokement URL: https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#delete-secret

Secret Example: Kubernetes Secret

Suspicious Activity Investigation Instructions:

  • Review Kubernetes audit logs for unusual access to secrets.
  • Check for unauthorized pod deployments that mount sensitive secrets.
  • Monitor for changes to RBAC permissions related to secret access.
  • Examine etcd for unauthorized access (as secrets are stored in etcd).
  • Review any unusual service account token usage.

Mitigation Instructions:

  • Delete the compromised secret: kubectl delete secret -n
  • Create a new secret with updated credentials.
  • Rotate any credentials that were exposed in the compromised secret.
  • Review and restrict RBAC permissions for accessing secrets.
  • Consider implementing Kubernetes secrets encryption at rest.
  • Implement network policies to restrict which pods can communicate with the API server.
  • Consider using a dedicated secrets management solution like HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault instead of native Kubernetes secrets.