Amazon Secrets Manager

5.1: AWS Key Management Service (KMS) Keys to Provide Envelope Encryption of Kubernetes Secrets Stored in Amazon Elastic Kubernetes Service (EKS)

πŸ“˜ The use of AWS Key Management Service (KMS) keys for envelope encryption of Kubernetes secrets in Amazon EKS is a critical security measure. It ensures sensitive data like credentials and tokens are securely encrypted, safeguarding them from unauthorized access and breaches.

  • Section: Secret Management
  • Severity: Critical
  • CWE: CWE-311 Missing Encryption of Sensitive Data
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering
  • Rule Set: Rapticore Benchmark

5.2: Amazon Secrets Manager Secrets Encrypted with Amazon KMS Customer Master Keys (CMKs)

πŸ“˜ Encrypting Amazon Secrets Manager secrets with Amazon KMS Customer Master Keys (CMKs) is a vital security practice. This encryption safeguards critical data such as database credentials, API keys, and OAuth tokens, preventing unauthorized disclosure and tampering.

  • Section: Secret Management
  • Severity: High
  • CWE: CWE-311 Missing Encryption of Sensitive Data
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure, Tampering
  • Rule Set: Rapticore Benchmark

Updated 5 months ago

What’s Next