docs/doc/source/security/kubernetes/encrypt-kubernetes-secret-data-at-rest.rst


.. dxx1582118922443
.. _encrypt-kubernetes-secret-data-at-rest:

======================================
Encrypt Kubernetes Secret Data at Rest
======================================

By default, |prod| configures the kube-apiserver to encrypt or decrypt the
data in the Kubernetes 'Secret' resources in / from the etcd database.

This protects sensitive information in the event of access to the etcd
database being compromised. The encryption and decryption operations are
transparent to the Kubernetes API user.
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00
			`.. dxx1582118922443`
			`.. _encrypt-kubernetes-secret-data-at-rest:`

			`======================================`
			`Encrypt Kubernetes Secret Data at Rest`
			`======================================`

			`By default, \|prod\| configures the kube-apiserver to encrypt or decrypt the`
			`data in the Kubernetes 'Secret' resources in / from the etcd database.`

			`This protects sensitive information in the event of access to the etcd`
			`database being compromised. The encryption and decryption operations are`
			`transparent to the Kubernetes API user.`