0
0
Kubernetesdevops~5 mins

Secrets are not encrypted by default in Kubernetes - Cheat Sheet & Quick Revision

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Recall & Review
beginner
What is the default state of Kubernetes Secrets in terms of encryption?
By default, Kubernetes Secrets are stored as base64-encoded strings in etcd, but they are not encrypted at rest.
Click to reveal answer
beginner
Why is it risky to rely on default Kubernetes Secrets storage?
Because Secrets are not encrypted by default, anyone with access to etcd can read sensitive data, risking data exposure.
Click to reveal answer
intermediate
How can you enable encryption for Kubernetes Secrets?
You can enable encryption at rest by configuring the EncryptionConfiguration resource and updating the API server to use it.
Click to reveal answer
beginner
What is the role of etcd in Kubernetes Secrets management?
etcd is the key-value store where Kubernetes stores all cluster data, including Secrets, which by default are stored unencrypted.
Click to reveal answer
beginner
What is base64 encoding and does it provide security for Kubernetes Secrets?
Base64 encoding converts data into text format but does not encrypt it; it only makes data readable by systems, not secure from access.
Click to reveal answer
How are Kubernetes Secrets stored by default?
AHashed with SHA-256
BEncrypted with AES-256
CPlain text in etcd
DBase64 encoded but not encrypted
What must you configure to encrypt Kubernetes Secrets at rest?
AEncryptionConfiguration and API server flags
BPod Security Policies
CNetwork Policies
DRBAC Roles
Why is base64 encoding not enough to protect Secrets?
AIt compresses data too much
BIt only encodes data, does not encrypt it
CIt hashes data irreversibly
DIt stores data in plain text
Where are Kubernetes Secrets stored in the cluster?
AIn container file system only
BIn pod environment variables only
CIn etcd key-value store
DIn the Kubernetes dashboard
What is a simple step to improve Secrets security in Kubernetes?
AEnable encryption at rest for etcd
BUse longer base64 strings
CStore Secrets in ConfigMaps
DDisable RBAC
Explain why Kubernetes Secrets are not secure by default and how you can improve their security.
Think about how Secrets are stored and what encryption means.
You got /5 concepts.
    Describe the role of etcd in Kubernetes Secrets management and the risks involved.
    Consider where Secrets live and who can access them.
    You got /4 concepts.