Let’s start collecting items for a possible security policy:
- All users have unique credentials
- Data at rest is encrypted
- Data in flight is encrypted
- Devices with public facing interfaces utilize two-factor authentication
- System events will be logged
Kubernetes
Secrets
- On the API server, the secret data is stored as plaintext in etcd
- The secret data is encoded as base64. This is NOT ENCRYPTION
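
The following is an added example, not part of the original notes, covering both Secrets points: it decodes a Secret's `data` with no key, and classifies a raw etcd value as plaintext or encrypted at rest. The sample manifest and raw byte strings are constructed; the check assumes the `k8s:enc:<provider>:` prefix that the API server's encryption-at-rest providers write and the `k8s\x00` magic of protobuf-stored objects.

```python
import base64
import json

# Constructed sample: a Secret as the API returns it (all values made up).
SAMPLE_SECRET = json.loads("""
{
  "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
  "metadata": {"name": "db-creds", "namespace": "demo"},
  "data": {"username": "YXBwX3VzZXI=", "password": "czNjcjN0LXZhbHVl"}
}
""")

# Constructed raw etcd values for a Secret key (not captured from a real cluster).
RAW_PLAINTEXT = b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret...s3cr3t-value..."
RAW_ENCRYPTED = b"k8s:enc:aescbc:v1:key1:" + bytes(range(32))


def decode_secret(manifest: dict) -> dict:
    """Recover every value under .data. base64 has no key, so this always works."""
    return {
        name: base64.b64decode(value).decode("utf-8", errors="replace")
        for name, value in manifest.get("data", {}).items()
    }


def etcd_storage_state(raw: bytes) -> str:
    """Classify how a Secret's raw etcd value is stored."""
    if raw.startswith(b"k8s:enc:"):
        # Written by an encryption-at-rest provider: k8s:enc:<provider>:<version>:...
        provider = raw.split(b":", 3)[2].decode("ascii", errors="replace")
        return f"encrypted:{provider}"
    if raw.startswith(b"k8s\x00") or raw.lstrip().startswith(b"{"):
        # Protobuf magic or JSON: the object is stored as-is.
        return "plaintext"
    return "unknown"


if __name__ == "__main__":
    print(decode_secret(SAMPLE_SECRET))
    for label, raw in (("plaintext", RAW_PLAINTEXT), ("encrypted", RAW_ENCRYPTED)):
        print(label, "->", etcd_storage_state(raw))
```

A `plaintext` result for a real cluster means anyone who can read etcd or its backups can read the Secret.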