Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Docker Secrets must be used to store configuration files and small amounts of user-generated data (up to 500 kb in size) in Docker Enterprise.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-235826 | DKER-EE-002660 | SV-235826r627605_rule | Medium |
| Description |
|---|
| By leveraging Docker Secrets or Kubernetes secrets to store configuration files and small amounts of user-generated data (up to 500 kb in size), the data is encrypted at rest by the Engine's FIPS-validated cryptography. |
| STIG | Date |
|---|---|
| Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide | 2021-03-26 |
Details
| Check Text ( C-39045r627603_chk ) |
|---|
| Review System Security Plan (SSP) and identify applications that leverage configuration files and/or small amounts of user-generated data, ensure that data is stored in Docker Secrets or Kubernetes Secrets. Using a Universal Control Plane (UCP) client bundle, verify that secrets are in use by executing the following commands: docker secret ls Confirm containerized applications identified in SSP as utilizing Docker secrets have a corresponding secret configured. If the SSP requires Docker secrets be used but the containerized application does not use Docker secrets, this is a finding. |
| Fix Text (F-39008r627604_fix) |
|---|
| For all containerized applications that leverage configuration files and/or small amounts of user-generated data, store that data in Docker Secrets. All secrets should be created and managed using a UCP client bundle. A reference for the use of docker secrets can be found at https://docs.docker.com/engine/swarm/secrets/. |