ConfigMap with secrets
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Sensitive information such as passwords or secrets is being stored in Kubernetes ConfigMaps, which are not designed for secure storage and do not provide encryption or access restrictions. This practice exposes confidential data in plain text within the cluster.
Impact
An attacker or unauthorized user with access to the cluster can easily retrieve sensitive credentials from ConfigMaps, potentially leading to unauthorized access to databases, services, or external systems, and resulting in data breaches or service compromise.
Resolution
Remove the password or secret from the ConfigMap's data values.
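
One way to check for this condition across a cluster export, as an added example that is not part of the original rule. The function name, the key and value patterns, and the sample manifest are assumptions made for illustration; the input format is the JSON printed by `kubectl get configmaps -A -o json`.

```python
import json
import re

# Assumed heuristics for this example; they are not the rule's own patterns.
SENSITIVE_KEY = re.compile(
    r"passw(or)?d|secret|token|api[_-]?key|private[_-]?key|credential", re.I)
# Credentials inside a value: "x.password=..." lines or user:pass@ in a URL.
SENSITIVE_VALUE = re.compile(
    r"^\s*[\w.-]*(passw(or)?d|secret|token)[\w.-]*\s*[:=]\s*\S+"
    r"|://[^/\s:@]+:[^/\s@]+@", re.I | re.M)


def find_configmap_secrets(manifest_json):
    """Return sorted (namespace, name, key, reason) findings.

    Accepts one ConfigMap object or a list such as the output of
    `kubectl get configmaps -A -o json`.
    """
    doc = json.loads(manifest_json)
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for obj in items:
        # Items of a raw API list may omit "kind"; skip anything else.
        if obj.get("kind", "ConfigMap") != "ConfigMap":
            continue
        meta = obj.get("metadata", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "")
        for key, value in (obj.get("data") or {}).items():
            if SENSITIVE_KEY.search(key):
                findings.append((ns, name, key, "key-name"))
            elif SENSITIVE_VALUE.search(value or ""):
                findings.append((ns, name, key, "value-content"))
    return sorted(findings)


# Constructed sample input; names and values are placeholders.
SAMPLE = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    {"apiVersion": "v1", "kind": "ConfigMap",
     "metadata": {"name": "app-config", "namespace": "shop"},
     "data": {
         "LOG_LEVEL": "info",
         "DB_PASSWORD": "example-not-real",
         "app.properties": "db.host=db.internal\ndb.password=example-not-real\n",
         "DATABASE_URL": "postgres://app:example-not-real@db.internal:5432/shop"}},
    {"apiVersion": "v1", "kind": "ConfigMap",
     "metadata": {"name": "ui-config", "namespace": "shop"},
     "data": {"THEME": "dark"}},
]})

if __name__ == "__main__":
    for finding in find_configmap_secrets(SAMPLE):
        print(*finding)
```

The value check catches credentials embedded in config files or connection strings stored under an innocuous key name, which a key-name check alone would miss.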