Uploaded image for project: 'OpenShift Hosted Control Plane'
  1. OpenShift Hosted Control Plane
  2. HOSTEDCP-1234

Secret encryption

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • Secret encryption
    • False
    • None
    • False
    • Not Selected
    • To Do
    • OCPSTRAT-980 - Enforce Data/Secret Encryption for the Control-Planes, Etcd, and Nodes
    • OCPSTRAT-980Enforce Data/Secret Encryption for the Control-Planes, Etcd, and Nodes
    • 0% To Do, 0% In Progress, 100% Done
    • Hypershift Sprint 245, Hypershift Sprint 246, Hypershift Sprint 247
    • 0
    • 0
    • 0

      User Story:

      • As a service provider/consumer I want to make sure secrets are encrypted with key owned by the consumer

      Acceptance Criteria:

      Expose and propagate input for kms secret encryption similar to what we do in AWS.

      https://github.com/openshift/hypershift/blob/90aa44d064f6fe476ba4a3f25973768cbdf05eb5/api/v1beta1/hostedcluster_types.go#L1765-L1790

       

      See related discussion:

      https://redhat-internal.slack.com/archives/CCV9YF9PD/p1696950850685729

      (optional) Out of Scope:

      Detail about what is specifically not being delivered in the story

      Engineering Details:

      This requires/does not require a design proposal.
      This requires/does not require a feature gate.

            rh-ee-mraee Mulham Raee
            agarcial@redhat.com Alberto Garcia Lamela
            Jie Zhao
            Feilian Xie Feilian Xie
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: