8 Securing Your AIA Cloud Native Deployment

This chapter describes security considerations for your AIA cloud native deployment.

Oracle AIA offers its cloud native deployment on Kubernetes 1.25. Because your Kubernetes platform may carry a variety of customizations and plugins, assess the security risks they introduce and have a mitigation plan in place.

General Security Considerations

Consider the following general security guidelines:

  • While the values.yaml file of the Helm charts can be stored in version control systems, do not use it to hold sensitive information such as application credentials. Use Kubernetes secrets instead.
  • Use the sample scripts provided with the cloud native toolkit to create the secrets that hold credentials for the various applications, such as OSM, Siebel, BRM, SOA, AIA and RCU.
  • Use the sample scripts to create the secrets, and keep the underlying credentials in a vault that uses strong encryption.
  • Secure your Kubernetes secrets with strong encryption at rest; by default they are only base64-encoded, which provides no confidentiality.
  • Apply Kubernetes RBAC with a least-privilege policy, and restrict the get, list, and watch verbs (as used by kubectl) on secrets, pods, logs, and services.
  • Likewise, use RBAC to restrict the resources that pods can access, such as secrets and network resources.
  • Follow the general Kubernetes security guidelines. For details, see the Kubernetes documentation at: https://kubernetes.io/docs/setup/best-practices/enforcing-pod-security-standards/.
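As an added example (not part of the Oracle documentation or of the cloud native toolkit), the manifests below show three of the guidelines above: an EncryptionConfiguration that makes the API server encrypt Secrets at rest (supplied to kube-apiserver via --encryption-provider-config, or configured through your managed Kubernetes provider), a namespaced Role that grants get, list and watch on pods, services and logs but deliberately omits secrets, and a default-deny NetworkPolicy. The namespace aia, the object names and the key placeholder are assumptions.

```yaml
# --- Encryption at rest for Secrets (kube-apiserver --encryption-provider-config) ---
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # secretbox encrypts every Secret written from now on; the key value is a placeholder
      - secretbox:
          keys:
            - name: key1
              secret: <base64 of a random 32-byte key>
      # identity lets the API server still read Secrets stored before encryption was enabled
      - identity: {}
---
# --- Least-privilege Role: read pods, services and logs, but NOT secrets (assumed namespace: aia) ---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: aia-app-viewer
  namespace: aia
rules:
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
---
# --- Default-deny ingress: pods in the namespace accept no traffic unless another policy allows it ---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: aia
spec:
  podSelector: {}
  policyTypes:
    - Ingress
```

After enabling the EncryptionConfiguration, rewrite existing Secrets (for example with kubectl get secrets --all-namespaces -o json | kubectl replace -f -) so that previously stored plaintext entries are re-encrypted; bind the Role with a RoleBinding to the groups or service accounts that need it.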

Also refer to the AIA Security Guide for other security considerations.