Profile Applicability:
Level 1

Description:
Secrets used within the build process (API keys, tokens, passwords, certificates) must be scoped narrowly, so that each secret grants only the permissions its intended function requires. This limits the impact if a secret is leaked or misused.

Rationale:
Limiting the scope of build secrets reduces the risk of unauthorized access, lateral movement, and privilege escalation within the build and deployment environments. It aligns with the principle of least privilege, strengthening the security posture and mitigating potential damage from compromised secrets.

Impact:
Pros:

  • Minimizes the attack surface associated with secret exposure.

  • Limits potential damage if secrets are leaked or compromised.

  • Supports compliance with security best practices and regulations.

  • Enhances control over build environment security.

Cons:

  • Requires careful secret management and access controls.

  • May add complexity to configuring secrets per use case.

Default value:
By default, secrets are often granted broader access than necessary, which increases risk.

Audit:
Review secret management policies and configurations to confirm that each secret is restricted to the scope its consuming build job requires. Inspect build logs and access records for secret usage and signs of abuse.

Remediation:
Implement fine-grained secret scopes and access controls. Use secret management tools that support scoped secrets (e.g., HashiCorp Vault, AWS Secrets Manager). Educate teams on secure secret handling practices.
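As an added illustration of the audit and remediation steps above (not part of the benchmark or of HashiCorp's tooling), the following Python snippet contrasts an over-broad Vault policy with a narrowly scoped one and checks both for mount-wide wildcards and write capabilities a read-only build job does not need. The policy texts and the "fewer than three concrete path segments" heuristic are constructed assumptions.

```python
import re

# Vault HCL policies constructed for this example. The first grants a CI runner
# everything under the secret/ mount; the second grants read access to exactly
# the two secrets its pipeline consumes.
BROAD_POLICY = '''
path "secret/*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
'''

SCOPED_POLICY = '''
path "secret/data/ci/frontend/npm-token" {
  capabilities = ["read"]
}
path "secret/data/ci/frontend/deploy-key" {
  capabilities = ["read"]
}
'''

# Capabilities a build job rarely needs; any of them on a build policy is a finding.
WRITE_CAPS = {"create", "update", "delete", "patch", "sudo"}
PATH_RE = re.compile(r'path\s+"([^"]+)"\s*\{([^}]*)\}', re.S)
CAPS_RE = re.compile(r'capabilities\s*=\s*\[([^\]]*)\]')


def parse_policy(text):
    """Return a list of (path, capabilities) tuples from a Vault HCL policy."""
    rules = []
    for path, body in PATH_RE.findall(text):
        m = CAPS_RE.search(body)
        caps = {c.strip().strip('"') for c in m.group(1).split(",") if c.strip()} if m else set()
        rules.append((path, caps))
    return rules


def audit_policy(text):
    """Return human-readable findings for rules that are broader than a build job needs."""
    findings = []
    for path, caps in parse_policy(text):
        segments = [s for s in path.split("/") if s]
        # Assumed heuristic: a wildcard ('*' or '+') with fewer than three concrete
        # segments in front of it spans a whole mount rather than one pipeline's prefix.
        concrete = [s for s in segments if "*" not in s and "+" not in s]
        if ("*" in path or "+" in path) and len(concrete) < 3:
            findings.append(f"{path}: wildcard spans an entire mount; scope to a per-pipeline prefix")
        excess = sorted(caps & WRITE_CAPS)
        if excess:
            findings.append(f"{path}: build job granted {excess}; a read-only job needs only 'read'")
    return findings
```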

References:

  1. HashiCorp Vault Best Practices: https://learn.hashicorp.com/tutorials/vault/identity-access-management

  2. AWS Secrets Manager Documentation: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

  3. CIS Controls v8, Control 5 - Account Management: https://www.cisecurity.org/controls/account-management/