DKER-EE-002410 - Docker Enterprise secret management commands must be used for managing secrets in a Swarm cluster.

Information

Use Docker's in-built secret management commands for managing sensitive data that which can be stored in key/value pairs. Examples include API tokens, database connection strings and credentials, SSL certificates, and the like.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Update the SSP so that it includes documented processes for using Docker secrets commands to manage sensitive data that can be stored in key/value pairs. Examples include API tokens, database connection strings and credentials, SSL certificates, and the like. Follow docker secret documentation and use it to manage secrets effectively. This documentation can be found at https://docs.docker.com/engine/swarm/secrets/.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Docker_Enterprise_2-x_Linux-UNIX_V2R1_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(b), CAT|II, CCI|CCI-000186, Rule-ID|SV-235824r627599_rule, STIG-ID|DKER-EE-002410, STIG-Legacy|SV-104819, STIG-Legacy|V-95681, Vuln-ID|V-235824

Plugin: Unix

Control ID: 9759a17fef747e4816f78b45082f8ccc2736fa2e41a68a8b123abac980e7ac8b