Encrypt Kubernetes Secret Data at Rest

Encrypt Kubernetes Secret Data at Rest¶

By default, StarlingX configures the kube-apiserver to encrypt or decrypt the data in the Kubernetes ‘Secret’ resources in / from the ‘etcd’ database.

This protects sensitive information in the event of access to the ‘etcd’ database being compromised. The encryption and decryption operations are transparent to the Kubernetes API user.

this page last updated: 2024-11-13 15:58:47

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.