
V-274883

CAT I (High)

Sensitive information must be stored using Kubernetes Secrets or an external Secret store provider.

Rule ID

SV-274883r1107239_rule

STIG

Kubernetes Security Technical Implementation Guide

Version

V2R6

CCIs

CCI-004062

Discussion

Sensitive information, such as passwords, keys, and tokens, must not be stored in application code. Kubernetes offers a resource called a Secret that is designed for storing sensitive information for use by applications. Secrets are created and managed separately from application code. Additionally, they can be encrypted at rest, and access to them can be controlled via RBAC.

Check Content

On the Kubernetes Master node, run the following command:
kubectl get all,cm -A -o yaml 

Manually review the output for sensitive information.

If any sensitive information is found, this is a finding.
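
A triage aid for the manual review above, added here as an example and not part of the STIG: it reads the YAML produced by the check command and lists the lines where a sensitive-looking key or environment variable carries a literal value, or where a PEM private key block appears. The key-name patterns, the `scan` function and the sample document are assumptions made for this example.

```python
import re
import sys

# Assumed key-name hints for this example; tune them for your environment.
SENSITIVE = re.compile(r"passw(or)?d|secret|token|api[_-]?key|private[_-]?key|credential", re.I)
PEM = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([\w.\-]+):\s*(.*)$")
REFERENCES = {"secretName", "secretKeyRef", "secretRef", "imagePullSecrets"}  # point at a Secret

# Constructed sample, trimmed to the shape of `kubectl get all,cm -A -o yaml` output.
SAMPLE = """\
data:
  DB_PASSWORD: hunter2
  LOG_LEVEL: info
---
containers:
- env:
  - name: API_TOKEN
    value: abc123
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        key: password
        name: db-creds
"""

def scan(yaml_text):
    """Return (line, kind, name) triples to review; the values themselves are never echoed."""
    findings, env_name = [], None
    for lineno, line in enumerate(yaml_text.splitlines(), 1):
        if PEM.search(line):
            findings.append((lineno, "pem-private-key", "PEM block"))
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip().strip("'\"")
        if key == "name":  # assumes name precedes value, as in kubectl's sorted YAML output
            env_name = value
            continue
        literal = value not in ("", "true", "false")
        if key == "value" and env_name and SENSITIVE.search(env_name) and literal:
            findings.append((lineno, "env-literal", env_name))
        elif key not in REFERENCES and SENSITIVE.search(key) and literal:
            findings.append((lineno, "sensitive-key", key))
        env_name = None
    return findings

if __name__ == "__main__":
    for hit in scan(SAMPLE if sys.stdin.isatty() else sys.stdin.read()):
        print("line %d: %s: %s" % hit)
```

Pipe the check command's output into the script on stdin; with no input it scans the constructed sample. A hit only points the reviewer at a line, and secrets stored under unremarkable key names will not be flagged, so the full manual review still applies.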

Fix Text

Any sensitive information found must be stored in an approved external Secret store provider or in Kubernetes Secrets (attached to pods on an as-needed basis).