What does Kubernetes v1.35 change for CSI service account tokens?

It adds an opt-in to pass tokens via the secrets field instead of volume_context, fixing log leaks without breaking existing drivers.

Does Kubernetes v1.35 require CSI driver updates?

Not immediately — add fallback logic first for safety, then opt-in later.

Is Kubernetes v1.35's CSI token feature stable?

Beta, enabled by default, backward-compatible design makes it production-ready now.

🗄️ Databases & Backend

Kubernetes 1.35 Sneaks Safer CSI Tokens Past the Logs — Without Breaking Your Setup

What if your CSI driver's logs were quietly broadcasting service account tokens to the world? Kubernetes v1.35 plugs that hole with a clever opt-in fix.

DevTools Feed Apr 03, 2026 3 min read 12 views

⚡ Key Takeaways

Kubernetes v1.35 introduces opt-in for CSI drivers to receive service account tokens in the secure secrets field. 𝕏
Fallback logic ensures zero breakage; add it today for future-proofing. 𝕏
Fixes real CVEs by aligning with CSI specs, unifying security across drivers. 𝕏

Published by

DevTools Feed

Ship faster. Build smarter.

#CSI drivers #Kubernetes security #Kubernetes v1.35 #service account tokens #workload identity

Worth sharing?

Get the best Developer Tools stories of the week in your inbox — no noise, no spam.

Originally reported by Kubernetes Blog

⚡ Key Takeaways

The 60-Second TL;DR

DevTools Feed

Share this article

Worth sharing?

Related Stories

CrackArmor: 9 AppArmor Flaws Expose 12.6M Linux Nodes to Root Takeover

Kubernetes 1.35's Numeric Taints: Spot Savings or Setup Headache?

Kubernetes 1.35 Unlocks Mutable PV Node Affinity – Alpha Feature with Real Risks

PostgreSQL Crushes Multi-Model Hype—But Is Native Better?

Stay in the loop