🏗️ DevOps & Infrastructure

Kubernetes 1.35 Patches CSI Drivers' Token Leak Nightmare—Opt-In Security Without the Chaos

Service account tokens leaking into CSI driver logs? Kubernetes v1.35 kills that risk with a backward-compatible opt-in to the right spot. No more CVEs from sloppy token handling.

Open Source Beat Apr 07, 2026 3 min read
Kubernetes 1.35 diagram showing service account tokens flowing securely to CSI driver secrets field

⚡ Key Takeaways

  • Kubernetes v1.35 adds beta opt-in for CSI drivers to get service account tokens in the secure **secrets** field, dodging log leaks. 𝕏
  • Backward-compatible: fallback code works pre-upgrade; no breaks for existing setups. 𝕏
  • Inspired by past token hardening—expect fewer CVEs and faster driver adoption by 2025. 𝕏
Published by

Open Source Beat

Community-driven. Code-first.

#CSI drivers #Kubernetes security #Kubernetes v1.35 #csi-driver #k8s-security #kubernetes #service account tokens #storage #workload identity

Worth sharing?

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by Kubernetes Blog

Related Stories

📬

Stay in the loop

The week's most important stories from Open Source Beat, delivered once a week.

No spam. Unsubscribe any time.