{"id":"aks-secret-base64-encoding-not-encryption","text":"Raw Kubernetes secret manifests store data in base64 encoding, which is not encryption — etcd-level encryption with customer-managed keys is needed for true encryption at rest.","truth_value":"IN","source":"entries/2026/03/11/aks-security.md","source_url":"","source_hash":"6ab7bfd9e7cc03b4","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"aks-secret-base64-encoding-not-encryption","truth_value":"IN","reason":"premise"}]}}