Posted by George Wainblat
August 3, 2020
A growing number of organizations are counting on Kubernetes for their container orchestration. In order to operate Kubernetes, you need to repeatedly gain access to target machines using keys and certificates – highly sensitive information that needs trustworthy protection.
The winner takes it all…
For this exact reason, container orchestration tools, such as Kubernetes, have become an attack target for malicious attackers that can obtain access and permissions to your workload environments; an especially lucrative target presenting a winner-takes-it-all prize.
Two Examples of Kubernetes Vulnerabilities
- Kubernetes secrets are stored in Etcd in base64, which is an encoding method, not encryption. Meaning, anyone with Admin permissions to the Kubernetes cluster can read the secrets.
- Keys and certificates in Kubernetes (client.key / client.cert) are long-lived, so privileged access is left exposed due to the cumbersome process of offboarding, or changes to privileges of users and applications.
Use Akeyless to Better Protect Your Kubernetes Secrets, Identities, and Access
Akeyless’ secrets management platform adds complete protection to your Kubernetes secrets by providing two layers of security:
1. Secrets Management
- Encrypting secrets using decentralized encryption Key fragments (Akeyless DFC technology)
- Segregation of Clients between different Kubernetes clusters and their secrets
2. Privileged Access Management
- Using short-lived temporary access
- Easy to use and manage access with SSO
Benefits of Akeyless Secrets Management
- Seamless onboarding
- Unified, automated secrets provisioning to all your DevOps platforms
- Zero-Trust encryption for all your secrets
- Simplified compliance with industry regulations as ISO 2700X, HIPAA, SOC2 and more
Akeyless automated, centralized secrets management relieves you of the hassle associated with secrets management while protecting your secrets with zero-trust encryption.