istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/content/help/faq/security/use-k8s-secrets.md

12 lines
747 B
Markdown
Raw Permalink Blame History

---
title: Does Istio authentication use Kubernetes secrets?
weight: 120
---
Yes. The key and certificate distribution in Istio Authentication is based on [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/).
Secrets have known [security risks](https://kubernetes.io/docs/concepts/configuration/secret/#risks). The Kubernetes team is working on
[several features](https://docs.google.com/document/d/1T2y-9geg9EfHHtCDYTXptCa-F4kQ0RyiH-c_M1SyD0s) to improve
Kubernetes secret security, from secret encryption to node-level access control. And as of version 1.6, Kubernetes introduces
[RBAC authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/), which can provide fine-grained secrets management.
Reference in New Issue View Git Blame Copy Permalink