EKS Cluster secrets encryption should be enabled and use KMS CMKs

Description

EKS clusters should use AWS KMS customer-managed keys (CMKs) for envelope encryption of Kubernetes secrets. This allows you to encrypt your secrets with a unique data key, which can be automatically rotated on a recurring schedule.
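One way to express this requirement as a check, as an added example that is not this rule's actual implementation: the function below evaluates the `cluster` object of an EKS DescribeCluster response together with the `KeyMetadata` of a KMS DescribeKey response. The cluster names, account ID and key ARNs are constructed sample values, and the function name is hypothetical.

```python
# Added example: runs offline on constructed DescribeCluster / DescribeKey data.

def secrets_encryption_finding(cluster, key_metadata_by_arn):
    """Return (compliant, reason) for one EKS cluster.

    cluster: the "cluster" object of an EKS DescribeCluster response.
    key_metadata_by_arn: key ARN -> "KeyMetadata" object from KMS DescribeKey.
    """
    name = cluster.get("name", "<unnamed>")
    # encryptionConfig is absent when envelope encryption was never enabled.
    for entry in cluster.get("encryptionConfig") or []:
        if "secrets" not in entry.get("resources", []):
            continue
        key_arn = (entry.get("provider") or {}).get("keyArn")
        if not key_arn:
            return False, f"{name}: secrets entry has no keyArn"
        meta = key_metadata_by_arn.get(key_arn)
        if meta is None:
            # Fail closed: a key we cannot describe is not proven to be a CMK.
            return False, f"{name}: key {key_arn} could not be described"
        if meta.get("KeyManager") != "CUSTOMER":
            return False, f"{name}: key is AWS managed, not a CMK"
        return True, f"{name}: secrets encrypted with CMK {key_arn}"
    return False, f"{name}: no encryptionConfig covering secrets"


# Constructed sample data (placeholder account ID and key IDs).
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/11111111-aaaa-bbbb-cccc-111111111111"
AWS_ARN = "arn:aws:kms:us-east-1:111122223333:key/22222222-aaaa-bbbb-cccc-222222222222"
KEYS = {
    CMK_ARN: {"KeyManager": "CUSTOMER"},
    AWS_ARN: {"KeyManager": "AWS"},
}
CLUSTERS = [
    {"name": "prod", "encryptionConfig": [
        {"resources": ["secrets"], "provider": {"keyArn": CMK_ARN}}]},
    {"name": "dev"},  # encryption never enabled
    {"name": "staging", "encryptionConfig": [
        {"resources": ["secrets"], "provider": {"keyArn": AWS_ARN}}]},
]

if __name__ == "__main__":
    for c in CLUSTERS:
        ok, reason = secrets_encryption_finding(c, KEYS)
        print("PASS" if ok else "FAIL", reason)
```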

Remediation

For guidance on configuring EKS cluster secrets encryption, refer to the Encrypt Kubernetes secrets with KMS on existing clusters section of the Amazon EKS User Guide.
