Adopt secrets in Cloud Security Posture

[romulets]

What

Adopt Secrets in Cloud Posture Management. A similar PR was created before, but reverted to not impact 8.12 release. This PR applies the changes to 1.8.0, therefore 8.13

This issue suggests potential secrets in cloud_secruity_posture. The following fields where labeled as secrets

• cloudbeat/cis_eks
  • session_token
• cloudbeat/cis_aws
  • secret_access_key
• cloudbeat/cis_azure
  • azure.credentials.client_secret
  • azure.credentials.client_password
  • azure.credentials.client_certificate_password

Based on the criteria used of what potentially is a secret, more fields would have been classified as secret. Below you can find why they were not:

• session_token: amazon doesn't consider it a secret, it's something temporary (@jeniawhite confirmed)
• access_key_id: this always comes in pair with secret_access_key . I considered only the secret, a secret. The access key is plain text in AWS and in our integration page anyway. I believe only secret_access_key should be a secret.

Why

Adoption of secrets is a kibana wide effort to remove the possibility of secrets leaks in kibana (via system logs/audit or humans)

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• Test all integrations with secrets and validate that Posture Management still properly works
• Test create, update and upgrade flow

Related issues

• Closes https://github.com/elastic/security-team/issues/7380

Screenshots

Example of stored secret:

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-12-12T10:11:29.117+0000

• Duration: 15 min 51 sec

Test stats 🧪

Test	Results
Failed	0
Passed	4
Skipped	0
Total	4

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[romulets]

/test

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (0/0)	💚
Files	100.0% (0/0)	💚 5.556
Classes	100.0% (0/0)	💚 5.556
Methods	25.0% (2/8)	👎 -69.969
Lines	100.0% (0/0)	💚 12.295
Conditionals	100.0% (0/0)	💚

[elasticmachine]

Package cloud_security_posture - 1.8.0-preview01 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

[elasticmachine]

Package cloud_security_posture - 1.8.0-preview02 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

[elasticmachine]

Package cloud_security_posture - 1.8.0-preview03 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

[elasticmachine]

Package cloud_security_posture - 1.8.0-preview04 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

[elasticmachine]

Package cloud_security_posture - 1.8.0-preview05 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

[elasticmachine]

Package cloud_security_posture - 1.8.0-preview06 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

[elasticmachine]

Package cloud_security_posture - 1.8.0-preview07 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

[elasticmachine]

Package cloud_security_posture - 1.8.0-preview08 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

[elasticmachine]

Package cloud_security_posture - 1.8.0 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture