Temp disks and cache for AKS agent node pools should be encrypted at host
HIGH
Ensures AKS node pool temp disks and caches are encrypted at the host level.
What does this mean?
This recommendation ensures that temporary disks and caches on AKS agent node pools are encrypted at the host level. This provides encryption for data that is not covered by standard managed disk encryption.
Benefits of implementation
- Encrypts temp data that standard disk encryption does not cover
- Protects cached data on the compute host
- Required for environments handling sensitive data
Drawbacks and considerations
- Not supported on all VM sizes
- Must be configured at node pool creation time
- May limit VM size selection for node pools
Implementation
Implementation guidance coming soon.
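One way to check existing clusters for this setting, as an added example that is not part of the original page. It assumes the input is the JSON printed by `az aks show --output json`, where each entry in `agentPoolProfiles` carries an `enableEncryptionAtHost` field; the cluster and pool names and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `az aks show --output json`; all names are made up.
SAMPLE_CLUSTER_JSON = """
{
  "name": "example-aks",
  "agentPoolProfiles": [
    {"name": "system", "vmSize": "Standard_D4s_v5", "enableEncryptionAtHost": true},
    {"name": "batch",  "vmSize": "Standard_D8s_v5", "enableEncryptionAtHost": false},
    {"name": "legacy", "vmSize": "Standard_D2_v2",  "enableEncryptionAtHost": null},
    {"name": "gpu",    "vmSize": "Standard_NC6s_v3"}
  ]
}
"""


def pools_without_host_encryption(cluster):
    """Return (pool name, VM size, reason) for each non-compliant node pool."""
    findings = []
    for pool in cluster.get("agentPoolProfiles") or []:
        value = pool.get("enableEncryptionAtHost")
        if value is True:
            continue
        # A missing or null field is treated the same as disabled: only an
        # explicit true counts as encrypted at host.
        reason = "explicitly disabled" if value is False else "not set"
        findings.append(
            (pool.get("name", "<unnamed>"), pool.get("vmSize", "<unknown>"), reason)
        )
    return findings


def audit(cluster_json):
    """Parse one cluster document and summarise its compliance."""
    cluster = json.loads(cluster_json)
    findings = pools_without_host_encryption(cluster)
    return {"cluster": cluster.get("name"), "compliant": not findings, "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE_CLUSTER_JSON)
    print(f"{report['cluster']}: {'PASS' if report['compliant'] else 'FAIL'}")
    for name, vm_size, reason in report["findings"]:
        # The setting is fixed at pool creation, so a flagged pool has to be
        # replaced by a new pool created with encryption at host enabled.
        print(f"  node pool {name} ({vm_size}): encryption at host {reason}")
```

Because the setting must be configured at node pool creation time, each flagged pool is a candidate for replacement rather than an in-place change.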
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level: HIGH
- Category: Kubernetes / AKS
- Azure Resource
- Frameworks: 1 framework
- Last updated: 2026-02-12