Binary Authorization
Definition
Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed to a Kubernetes environment. It enforces a policy requiring images to carry signatures (attestations) from trusted authorities before they are allowed to run, preventing the deployment of unverified or potentially malicious software.
Secure Settings Example
apiVersion: binaryauthorization.googleapis.com/v1
kind: Attestor
metadata:
  name: trusted-attestor
spec:
  attestationAuthorityNote:
    noteReference: "projects/my-project/notes/trusted-attestor"
    publicKeys:
      - asciiArmoredPgpPublicKey: |
          -----BEGIN PGP PUBLIC KEY BLOCK-----
          ...
          -----END PGP PUBLIC KEY BLOCK-----
Insecure Settings Example
apiVersion: binaryauthorization.googleapis.com/v1
kind: Attestor
metadata:
  name: untrusted-attestor
spec:
  attestationAuthorityNote:
    noteReference: "projects/my-project/notes/untrusted-attestor"
    publicKeys: []   # empty key set: no signature can ever be verified against this attestor
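To make the policy semantics behind the definition and the two attestor settings concrete, the following Go program is an added example; it is not part of the original page and not Google's Binary Authorization implementation. It models the check an admission controller performs: resolve the image to its immutable digest, then require a signature over that digest from each attestor named in the policy, verified with the attestor's listed public keys. Ed25519 from the Go standard library stands in for the PGP keys of the real resource, and the image name, digest and attestor names are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// Attestor mirrors the Attestor resource on the page: a name plus the public
// keys whose signatures it accepts. Ed25519 stands in for the PGP keys of the
// real resource (an assumption made to keep this example dependency-free).
type Attestor struct {
	Name       string
	PublicKeys []ed25519.PublicKey
}

// Attestation is a signature over the image digest, presented as coming
// from the named attestor.
type Attestation struct {
	Attestor  string
	Signature []byte
}

// Policy lists the attestors that must each vouch for an image before it
// is admitted to the cluster.
type Policy struct {
	RequiredAttestors []Attestor
}

// imageDigest returns the "sha256:<hex>" part of an image reference.
// Tag-only references are rejected: a tag can be repointed after signing,
// so a signature is only meaningful over the immutable digest.
func imageDigest(ref string) (string, bool) {
	i := strings.LastIndex(ref, "@sha256:")
	if i < 0 {
		return "", false
	}
	d := ref[i+1:]
	if len(d) != len("sha256:")+64 {
		return "", false
	}
	return d, true
}

// Sign is the CI-side step: the attestor's private key signs the digest.
func Sign(attestor string, priv ed25519.PrivateKey, digest string) Attestation {
	return Attestation{Attestor: attestor, Signature: ed25519.Sign(priv, []byte(digest))}
}

// verifiedBy reports whether any presented attestation for attestor a
// carries a signature over digest that one of a's public keys accepts.
// An attestor with no keys (the insecure example) can never return true.
func verifiedBy(a Attestor, digest string, atts []Attestation) bool {
	for _, att := range atts {
		if att.Attestor != a.Name {
			continue
		}
		for _, pk := range a.PublicKeys {
			if ed25519.Verify(pk, []byte(digest), att.Signature) {
				return true
			}
		}
	}
	return false
}

// Admit is the admission decision: deny tag references and any missing or
// unverifiable attestation; allow only when every required attestor has a
// valid signature over the digest.
func (p Policy) Admit(ref string, atts []Attestation) (bool, string) {
	digest, ok := imageDigest(ref)
	if !ok {
		return false, "image must be referenced by sha256 digest, not by tag"
	}
	for _, a := range p.RequiredAttestors {
		if !verifiedBy(a, digest, atts) {
			return false, "no valid attestation from " + a.Name
		}
	}
	return true, "all required attestations verified"
}

// Scenario evaluates constructed deployment requests against policies built
// from the two attestors on the page and returns each request's outcome.
func Scenario() map[string]bool {
	trustedPub, trustedPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, unlistedPriv, _ := ed25519.GenerateKey(rand.Reader) // a key the attestor does not list
	trusted := Attestor{Name: "trusted-attestor", PublicKeys: []ed25519.PublicKey{trustedPub}}
	untrusted := Attestor{Name: "untrusted-attestor"} // publicKeys: [] as in the insecure example

	// Constructed image reference; the digest is a placeholder, not a real image.
	digest := "sha256:" + strings.Repeat("0123456789abcdef", 4)
	byDigest := "gcr.io/my-project/app@" + digest
	byTag := "gcr.io/my-project/app:latest"

	good := Sign(trusted.Name, trustedPriv, digest)
	unlisted := Sign(trusted.Name, unlistedPriv, digest)
	strict := Policy{RequiredAttestors: []Attestor{trusted}}
	keyless := Policy{RequiredAttestors: []Attestor{untrusted}}

	out := map[string]bool{}
	out["digest signed by trusted key"], _ = strict.Admit(byDigest, []Attestation{good})
	out["digest with no attestation"], _ = strict.Admit(byDigest, nil)
	out["digest signed by unlisted key"], _ = strict.Admit(byDigest, []Attestation{unlisted})
	out["tag reference with valid signature"], _ = strict.Admit(byTag, []Attestation{good})
	out["keyless attestor, signed digest"], _ = keyless.Admit(byDigest, []Attestation{Sign(untrusted.Name, trustedPriv, digest)})
	return out
}

func main() {
	for name, allowed := range Scenario() {
		fmt.Printf("%-36s allowed=%v\n", name, allowed)
	}
}
```

Only the first request is admitted. The last case shows why an attestor with an empty publicKeys list is not a usable control point: it can never verify a signature, so a policy that depends on it cannot distinguish a properly signed image from an unsigned one and must fall back to whatever the policy does on verification failure.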