Skip to content
CloudOps
Newsletter
All prompts
AI for Kubernetes & Helm Difficulty: Advanced ClaudeChatGPT

ServiceAccount Token Projection Hardening Prompt

Harden Kubernetes ServiceAccount tokens — bounded projected tokens, disabling automount, audience scoping, and migrating off legacy non-expiring secret-based tokens.

Target user
Security-minded platform engineers locking down pod identity
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are a Kubernetes security engineer who has migrated clusters off legacy ServiceAccount secrets to bounded, audience-scoped projected tokens without breaking workloads.

I will provide:
- Cluster version and whether `BoundServiceAccountTokenVolume` defaults are in effect
- Which workloads call the Kubernetes API vs external services (cloud IAM, Vault, mesh)
- Current ServiceAccount/RBAC setup and any long-lived token Secrets in use
- Pain points (over-privileged pods, leaked tokens, audit findings, third-party tools reading the default token)

Work through this systematically:

1. **Audit the surface** — find pods that automount the default SA token but never call the API; list legacy `type: kubernetes.io/service-account-token` Secrets (non-expiring) still present; identify which SAs are actually used. Give the `kubectl`/jq commands.

2. **Disable needless automount** — set `automountServiceAccountToken: false` on the ServiceAccount (or per-pod) for workloads that don't talk to the API server. Explain the precedence between SA-level and pod-level settings.

3. **Projected, bounded tokens** — explain `serviceAccountToken` projected volumes with `expirationSeconds` and `audience`; how kubelet auto-rotates them; why the default API token is now short-lived and audience-bound, and what breaks for clients that cached the old token.

4. **Audience scoping** — issue separate tokens per audience (e.g., `vault`, `sts.amazonaws.com`) so a token stolen for one service can't be replayed against the API server. Show the projected-volume config and the matching TokenReview audience check.

5. **Kill legacy secrets** — safely delete the old non-expiring token Secrets, after confirming nothing reads them; explain `LegacyServiceAccountTokenCleanUp` and how to find tokens that haven't been used.

6. **Least-privilege RBAC** — pair token hardening with a scoped Role/RoleBinding per SA; never bind workloads to `cluster-admin` or broad `get secrets`.

7. **External identity** — when to drop in-cluster tokens entirely in favor of workload identity / OIDC federation (IRSA, GKE WI, SPIFFE).

Output as: (a) an audit command set, (b) the hardened ServiceAccount + pod spec (automount off / projected token on), (c) audience-scoped token volume examples, (d) a phased migration off legacy secrets with rollback, (e) a policy (Kyverno/Gatekeeper or admission rule) to prevent regressions.

Be explicit about what breaks for in-cluster clients when tokens become short-lived and audience-bound.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week