From 564e938122ea8a3546a31af8389d6601c52b9d0b Mon Sep 17 00:00:00 2001
From: asjarre <asjarre@amazon.com>
Date: Tue, 20 Jan 2026 14:29:19 +1100
Subject: [PATCH] Check for EKS Auto Mode storage class provisioner encryption.

---
 hardeneks/cluster_wide/security/encryption_secrets.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hardeneks/cluster_wide/security/encryption_secrets.py b/hardeneks/cluster_wide/security/encryption_secrets.py
index f557a68..4cdcaf4 100644
--- a/hardeneks/cluster_wide/security/encryption_secrets.py
+++ b/hardeneks/cluster_wide/security/encryption_secrets.py
@@ -13,7 +13,7 @@ def check(self, resources: Resources):
         offenders = []
 
         for storage_class in resources.storage_classes:
-            if storage_class.provisioner == "ebs.csi.aws.com":
+            if storage_class.provisioner in ["ebs.csi.aws.com", "ebs.csi.eks.amazonaws.com"]:
                 encrypted = storage_class.parameters.get("encrypted")
                 if not encrypted:
                     offenders.append(storage_class)