aks-secret-base64-encoding-not-encryption

Status: IN

Raw Kubernetes secret manifests store data in base64 encoding, which is not encryption — etcd-level encryption with customer-managed keys is needed for true encryption at rest.

Source: entries/2026/03/11/aks-security.md

JSON