Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
api/v1/kubernetes/secrets
Kubernetes Secrets API
What an attacker could do
Reading the secrets API exposes base64-encoded credentials, TLS private keys, service-account tokens, and database passwords, giving an attacker the keys to pivot across the entire cluster and connected services.
How to defend it
Lock down secrets with least-privilege RBAC, enable encryption-at-rest for etcd, and use an external secret store (e.g. Vault or a CSI driver) instead of plaintext Kubernetes Secrets.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation