C-0255 - Workload with secret access

Framework

security

Severity

High

Description of the the issue

This control identifies workloads that have mounted secrets. Workloads with secret access can potentially expose sensitive information and increase the risk of unauthorized access to critical resources.

Related resources

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, Secret, StatefulSet

What does this control test

Check if any workload has mounted secrets by inspecting their specifications and verifying if secret volumes are defined.

Remediation

Review the workloads identified by this control and assess whether it's necessary to mount these secrets. Remove secret access from workloads that don't require it or ensure appropriate access controls are in place to protect sensitive information.

Example

No example