AWS prescriptive-guidance medium security documentation change
Summary
Added recommendation to use Secrets Manager CSI Driver to mitigate data leaks and note about AWS Fargate unsupported
Security assessment
Introduces security documentation about mitigating data leaks via environment variables using Secrets Manager CSI Driver, directly addressing secure secret management.
Diff
diff --git a/prescriptive-guidance/latest/encryption-best-practices/eks.md b/prescriptive-guidance/latest/encryption-best-practices/eks.md index b9450ea66..f3920b330 100644 --- a//prescriptive-guidance/latest/encryption-best-practices/eks.md +++ b//prescriptive-guidance/latest/encryption-best-practices/eks.md @@ -41,0 +42,6 @@ Consider the following encryption best practices for this service: + * To help mitigate the risk of data leaks from environment variables, we recommend you use the [AWS Secrets Manager and Config Provider for Secret Store CSI Driver](https://github.com/aws/secrets-store-csi-driver-provider-aws) (GitHub). This driver allows you to make secrets stored in Secrets Manager and parameters stored in Parameter Store appear as files mounted in Kubernetes pods. + +###### Note + +AWS Fargate is not supported. +