
K8s Secrets Store CSI Driver

Çağlar Arlı

Please note this question is specifically to this CSI driver infrastructure and NOT to the K8s Secrets infrastructure.

Reviewing this implementation with regard to some enterprise work. The infrastructure handles a lot of internal sensitive secrets and customer external secrets.

Are there any reasonable independent security analyses of this infrastructure and how it might be exploited?

In looking at this solution, on the surface it looks like a viable alternative. My concerns include:

  1. The write up on it glosses a bit over some things. It doesn't quite make it clear exactly where and how the secrets are stored, mounted across the cluster, etc. Other than talking about every node having a DaemonSet.
  2. The BIG concern is that in long lived pods/clusters this means all those secrets are stored in the cluster, with what looks like no (or extremely limited) flushing abilities. While it should require someone with cluster privileged access to get to them, that happens. We already have seen bug bounty exploits breaking into the cluster control plane before. More so, in absence of real details about how inside each pod the access or replication of secrets fetched occurs, it could be they get populated everywhere.
  3. Lack of "just in time" secrets usage (fetch, use, remove).

Does anyone have any harder analysis or understanding that could help me out?