Uploaded image for project: 'OpenShift API Server'
  1. OpenShift API Server
  2. API-1569 Stabilize encryption at rest
  3. API-1576

Document how to force encryption key rotation

    XMLWordPrintable

Details

    • Sub-task
    • Resolution: Unresolved
    • Undefined
    • None
    • None
    • kube-apiserver
    • False
    • None
    • False
    • OCPSTRAT-1344 - [API] Support soft-rotation of ETCD datastore encryption

    Description

      Current mechanism to enforce key rotation:

      set the following unsupported config on the kube-apiserver object:

      "unsupportedConfigOverrides": {
  "encryption": {
    "reason": "force-key-rotation"
  }
}

      Attachments

        Activity

          People

            Unassigned Unassigned
            dgrisonn@redhat.com Damien Grisonnet
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: