Support for Kubernetes secrets encryption
- Services: Kubernetes Engine
- Release Date: September 12, 2019
Oracle Container Engine for Kubernetes now supports the encryption of Kubernetes secrets at rest. Kubernetes secrets can include sensitive configuration data such as authentication tokens, passwords, and SSH keys. Secrets are stored as Kubernetes objects in etcd, the open-source key-value store that Kubernetes uses for cluster coordination and state management.
When you create a new cluster, you can now specify that Kubernetes secrets in etcd are to be encrypted using the Oracle Cloud Infrastructure Key Management service. To take advantage of Kubernetes secrets encryption support, use the 'Custom Create' workflow when creating new Kubernetes clusters.
For more information, see Encrypting Kubernetes Secrets At Rest in Etcd.