Uploaded image for project: 'OpenShift Hosted Control Plane'
  1. OpenShift Hosted Control Plane
  2. HOSTEDCP-1234

Secret encryption

XMLWordPrintable

    • Secret encryption
    • Strategic Product Work
    • False
    • None
    • False
    • Not Selected
    • To Do
    • OCPSTRAT-980 - Enforce Data/Secret Encryption for the Control-Planes, Etcd, and Nodes
    • OCPSTRAT-980Enforce Data/Secret Encryption for the Control-Planes, Etcd, and Nodes
    • 0% To Do, 0% In Progress, 100% Done
    • Hypershift Sprint 245, Hypershift Sprint 246, Hypershift Sprint 247
    • 0
    • 0
    • 0

      User Story:

      • As a service provider/consumer I want to make sure secrets are encrypted with key owned by the consumer

      Acceptance Criteria:

      Expose and propagate input for kms secret encryption similar to what we do in AWS.

      https://github.com/openshift/hypershift/blob/90aa44d064f6fe476ba4a3f25973768cbdf05eb5/api/v1beta1/hostedcluster_types.go#L1765-L1790

       

      See related discussion:

      https://redhat-internal.slack.com/archives/CCV9YF9PD/p1696950850685729

      (optional) Out of Scope:

      Detail about what is specifically not being delivered in the story

      Engineering Details:

      This requires/does not require a design proposal.
      This requires/does not require a feature gate.

              rh-ee-mraee Mulham Raee
              agarcial@redhat.com Alberto Garcia Lamela
              Jie Zhao
              Feilian Xie Feilian Xie (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: