Loading...

XML

Word

Printable

Type: Epic
Resolution: Done
Priority: Undefined
Fix Version/s: openshift-4.13
Affects Version/s: None
Component/s: None
Labels:
- hypershift
- hypershift-qe

Epic Name:
Secret encryption
Activity Type:
Product / Portfolio Work
Parent Link:
OCPSTRAT-980Enforce Data/Secret Encryption for the Control-Planes, Etcd, and Nodes
Hierarchy Progress Bar:

0% To Do, 0% In Progress, 100% Done
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Color Status:
Not Selected
Size:
None

Target Version:
None
Release Blocker:
None

WSJF:
0

User Story:

As a service provider/consumer I want to make sure secrets are encrypted with key owned by the consumer

Acceptance Criteria:

Expose and propagate input for kms secret encryption similar to what we do in AWS.

https://github.com/openshift/hypershift/blob/90aa44d064f6fe476ba4a3f25973768cbdf05eb5/api/v1beta1/hostedcluster_types.go#L1765-L1790

See related discussion:

https://redhat-internal.slack.com/archives/CCV9YF9PD/p1696950850685729

(optional) Out of Scope:

Detail about what is specifically not being delivered in the story

Engineering Details:

(optional) https://github/com/link.to.enhancement/
(optional) https://issues.redhat.com/link.to.spike
Engineering detail 1
Engineering detail 2

This requires/does not require a design proposal.
This requires/does not require a feature gate.

links to

openshift/azure-kubernetes-kms#5: OCPBUGS-33805: Use exec form entrypoint

openshift/hypershift#3183: HOSTEDCP-1234: Add KMS support on Azure clusters using Azure Key Vault

mentioned on

Merge request - Bump IBM integration to our latest prod image.

Assignee:: Mulham Raee

Reporter:: Alberto Garcia Lamela

Need Info From:: None

Contributors:: Jie Zhao

QA Contact:: Feilian Xie (Inactive)

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023/10/10 2:58 PM

Updated:: 2025/06/27 9:45 AM

Resolved:: 2024/05/27 8:53 AM