Security Baseline
Security Priorities
Mandatory Controls
Recommended Hardening
Incident Readiness
High-Risk Areas to Review

Security Baseline

Security Priorities

Keep credentials out of public repositories
Rotate sensitive credentials regularly
Enforce least-privilege access
Keep audit trail for administrative actions

Mandatory Controls

TLS on all public domains
Strong secret management process
Backup encryption at rest where possible
Access review for GitHub + cluster + production services

Recommended Hardening

Centralized identity provider (SSO)
Role-based admin portal
Secret scanning in CI
Regular dependency and image updates

Incident Readiness

Runbook for credential leak response
Fast revoke/rotate process
Service-by-service rollback procedures

High-Risk Areas to Review

Embedded secrets in tracked YAML files
Public repository exposure for operational credentials
Unpinned container images in production services
Privileged workloads and hostPath usage

Backups and Restore Troubleshooting