Default service account ‘automountServiceAccountToken’ should be set to ‘false’


Avoid automounting tokens for the default service account. The default service account should not be used and its ability to provide API credentials should be disabled.

Remediation Steps

Kubernetes Manifest (YAML)

  • Ensure that the default service account's automountServiceAccountToken is set to false.

Example Configuration

apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
automountServiceAccountToken: false
# other required fields here
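
One way to audit this setting across namespaces, as an added example that is not part of the original page: the function below reads ServiceAccount objects in the JSON shape produced by `kubectl get serviceaccounts --all-namespaces -o json` and reports every default account whose automountServiceAccountToken is not explicitly false. The function name and the sample namespaces are assumptions made for illustration; an unset field is reported as a failure because the check requires the explicit value.

```python
import json

# Constructed sample (not real cluster data), in the shape of
# `kubectl get serviceaccounts --all-namespaces -o json`.
SAMPLE = """
{
  "kind": "List",
  "items": [
    {"kind": "ServiceAccount",
     "metadata": {"name": "default", "namespace": "payments"},
     "automountServiceAccountToken": false},
    {"kind": "ServiceAccount",
     "metadata": {"name": "default", "namespace": "staging"}},
    {"kind": "ServiceAccount",
     "metadata": {"name": "default", "namespace": "legacy"},
     "automountServiceAccountToken": true},
    {"kind": "ServiceAccount",
     "metadata": {"name": "builder", "namespace": "staging"}}
  ]
}
"""


def audit_default_service_accounts(doc):
    """Return sorted (namespace, reason) pairs for failing default accounts.

    Hypothetical helper for this example; accepts a List or a single object.
    """
    findings = []
    items = doc.get("items", [doc])
    for item in items:
        if item.get("kind") != "ServiceAccount":
            continue
        meta = item.get("metadata", {})
        if meta.get("name") != "default":
            continue  # this check only covers the default service account
        namespace = meta.get("namespace", "(unspecified)")
        value = item.get("automountServiceAccountToken")
        if value is False:
            continue  # compliant: explicitly disabled
        reason = "field not set" if value is None else f"set to {value!r}"
        findings.append((namespace, reason))
    return sorted(findings)


if __name__ == "__main__":
    for ns, reason in audit_default_service_accounts(json.loads(SAMPLE)):
        print(f"FAIL {ns}/default: automountServiceAccountToken {reason}")
```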