Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Blocked:
False
Ready:
False
Epic Link:
hypershift SDE initial integration
Market:

Sprint:
Hypershift Sprint 9
Cost of Delay:
0
WSJF:
0
Risk Score:
0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Service delivery requires etcd secret encryption SDE-1598
We are currently not enabling etcd secret encryption by default. In order to support this, we should:

1 - Modify `create cluster aws` and `create iam aws` to allow specifying an existing KMS key for etcd secret encryption so that the proper STS role can be created for it.

2 - Always enable etcd encryption. If a KMS key is not provided, generate a AESCBC key and store it in a secret.

relates to

HOSTEDCP-104 Integration with aws kms for secret encryption

Closed

links to

openshift/hypershift#1003: Create kms key

Assignee:: Cesar Wong

Reporter:: Cesar Wong

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/02/10 1:35 PM

Updated:: 2022/09/09 6:34 AM

Resolved:: 2022/04/19 6:29 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates