Enhance Kubernetes Security and Secret Management with Immutable Secrets
By default, Kubernetes Secrets are only base64-encoded, not encrypted, and any identity with RBAC permission to get or update Secrets in a namespace can read or modify them. A single Secret can hold several key/value entries, e.g. a token or a certificate, and a change to one entry is hard to trace unless API audit logging is enabled.
A modified Secret can do real damage in the cluster. An (accidental) edit to a Secret in the kube-system namespace, for example one consumed by a controller or add-on, can paralyze the cluster in the worst case.
Since v1.19 (beta, enabled by default; GA in v1.21) Kubernetes supports immutable Secrets: once a Secret is created with the flag, its data cannot be changed and the flag itself cannot be unset. The only way to "change" such a Secret is to delete it and create a new one, and workloads then have to be pointed at the new object. A side benefit is that the kubelet stops watching immutable Secrets, which reduces load on the API server in large clusters. Note that immutability does not prevent anyone from reading or deleting the Secret, so RBAC still matters.
To enable it, add the following to the YAML:
apiVersion: v1
kind: Secret
metadata:
...
data:
...
immutable: true
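Because an immutable Secret cannot be edited in place, rotating it means creating a versioned replacement and repointing every workload that references it. The following script is an added example (not code from the original page or from Kubernetes) that shows the whole recipe: it mirrors the API server's update rule for immutable Secrets, builds a new Secret named after a hash of its contents, and rewrites the Deployment's env, envFrom and volume references. It works on the JSON form of the manifests as plain dicts so it runs without a cluster, kubectl or PyYAML; the helper names, the `api-token` Secret, the `payments` namespace and the Deployment are all constructed for this example.

```python
"""Rotating an immutable Kubernetes Secret via a versioned replacement.

Added example, not code from the original page or from Kubernetes itself.
All manifests below are constructed for illustration.
"""
import base64
import copy
import hashlib
import json


def validate_update(old, new):
    """Mirror the API server's rule for an immutable Secret: once `immutable: true`
    is set, neither `data` nor the flag itself may change (metadata still may).
    Returns (allowed, reason)."""
    if not old.get("immutable"):
        return True, "secret is mutable"
    if not new.get("immutable"):
        return False, "immutable flag cannot be unset; delete and recreate instead"
    if old.get("data", {}) != new.get("data", {}):
        return False, "data of an immutable secret cannot be changed"
    return True, "only mutable fields (metadata) changed"


def content_hash(data):
    """Short, stable hash of the contents, used as a name suffix so every version
    gets a distinct name and identical content maps to the same name."""
    h = hashlib.sha256()
    for key in sorted(data):
        h.update(key.encode() + b"\0" + data[key].encode() + b"\0")
    return h.hexdigest()[:8]


def new_immutable_secret(base_name, namespace, plaintext):
    """Build a versioned, immutable Secret (<base_name>-<hash>) from plaintext values."""
    data = {k: base64.b64encode(v.encode()).decode() for k, v in plaintext.items()}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {
            "name": f"{base_name}-{content_hash(data)}",
            "namespace": namespace,
            "labels": {"app.kubernetes.io/name": base_name},
        },
        "type": "Opaque",
        "data": data,
        "immutable": True,
    }


def repoint_secret_refs(workload, old_name, new_name):
    """Return a copy of a Deployment/StatefulSet whose pod template references
    new_name wherever it referenced old_name (env secretKeyRef, envFrom secretRef,
    secret volumes), plus the number of references rewritten. Changing the pod
    template triggers a rollout, which is what delivers the new credential."""
    wl = copy.deepcopy(workload)
    pod = wl["spec"]["template"]["spec"]
    changed = 0
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        for env in c.get("env", []):
            ref = env.get("valueFrom", {}).get("secretKeyRef")
            if ref and ref.get("name") == old_name:
                ref["name"] = new_name
                changed += 1
        for src in c.get("envFrom", []):
            ref = src.get("secretRef")
            if ref and ref.get("name") == old_name:
                ref["name"] = new_name
                changed += 1
    for vol in pod.get("volumes", []):
        sec = vol.get("secret")
        if sec and sec.get("secretName") == old_name:
            sec["secretName"] = new_name
            changed += 1
    return wl, changed


def rotate(old_secret, workload, new_plaintext):
    """Rotation recipe: new versioned Secret, repointed workload; the old Secret
    is deleted only after the rollout has finished (done outside this script)."""
    base = old_secret["metadata"]["labels"]["app.kubernetes.io/name"]
    new_secret = new_immutable_secret(base, old_secret["metadata"]["namespace"], new_plaintext)
    new_workload, n = repoint_secret_refs(
        workload, old_secret["metadata"]["name"], new_secret["metadata"]["name"])
    return new_secret, new_workload, n


# Constructed sample: the current immutable Secret and a Deployment that uses it
# in all three ways (env var, envFrom, mounted volume).
OLD_SECRET = new_immutable_secret("api-token", "payments", {"token": "old-token"})
_OLD = OLD_SECRET["metadata"]["name"]
DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "api", "namespace": "payments"},
    "spec": {"selector": {"matchLabels": {"app": "api"}}, "template": {
        "metadata": {"labels": {"app": "api"}},
        "spec": {
            "containers": [{"name": "api", "image": "example.com/api:1.0",  # hypothetical
                            "env": [{"name": "API_TOKEN", "valueFrom": {
                                "secretKeyRef": {"name": _OLD, "key": "token"}}}],
                            "envFrom": [{"secretRef": {"name": _OLD}}]}],
            "volumes": [{"name": "creds", "secret": {"secretName": _OLD}}]}}}}

if __name__ == "__main__":
    edited = copy.deepcopy(OLD_SECRET)  # an in-place edit is exactly what immutability forbids
    edited["data"]["token"] = base64.b64encode(b"new-token").decode()
    print("in-place update allowed?", validate_update(OLD_SECRET, edited))
    new_secret, new_deploy, n = rotate(OLD_SECRET, DEPLOYMENT, {"token": "new-token"})
    print(f"repointed {n} references to {new_secret['metadata']['name']}")
    # Feed to a cluster with: python3 rotate.py | kubectl apply -f -
    print(json.dumps({"apiVersion": "v1", "kind": "List", "items": [new_secret, new_deploy]}, indent=2))
```

Two design points are worth noting. First, naming the Secret after a hash of its contents makes the rotation idempotent and makes it impossible to accidentally overwrite the version a running pod depends on. Second, the rollout caused by the changed pod template is a feature, not a side effect: environment variables are only read at container start anyway, and with immutable Secrets the kubelet no longer refreshes mounted volumes either, so a restart is the only way the new credential reaches the application. Delete the old Secret only after `kubectl rollout status` reports the new pods as ready.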
Best Practices for Secret Management
Encryption at Rest and in Transit: Secrets are persisted in etcd, which stores them unencrypted unless the API server is configured with an EncryptionConfiguration (ideally backed by a KMS provider); without it, every etcd backup contains the credentials in the clear. In transit they are protected by TLS between clients, the API server and etcd, so make sure those connections are TLS-only.
Access Control: Tightly control access with RBAC and limit it to the personnel and service accounts that really need it. Keep in mind that `list` and `watch` on Secrets return their contents and are therefore as sensitive as `get`; avoid wildcard verbs on the `secrets` resource and scope `get` to named Secrets via `resourceNames` where possible. Immutability complements this but does not replace it: an identity allowed to delete and create Secrets can still swap out an immutable one.