Summary

The cofidectl workload discover command provides functionality to discover secrets associated with workloads using the --include-secrets flag. This provides useful context around the age of the secret and if it potentially high risk due to how long it has been present. It could be useful to further extend this capability by providing additional, fine-grained metadata around these secrets that could be useful to surface including:

• Secret type
• Secret annotations
• Pod usage
• Secret RBAC
• Secret rotations