OpenShift API for Data Protection
OADP-3938

RFE: AWS Velero backups use encryption features by default

    • Type: Feature Request
    • Resolution: Unresolved
    • OADP 1.4.0
    • ToDo

      Proposed title of this feature request

      • "AWS Velero backups use encryption features by default"

      What is the nature and description of the request?

      • Change the Velero docs/defaults so that end-users leverage the pre-existing backup encryption features as part of the default installation procedure, instead of having to make a conscious decision to use them.

      Why does the customer need this? (List the business requirements here)

      • A recent significant security incident occurred due to an improperly-secured Velero backup bucket for etcd which contained many sensitive secrets, but was not configured to leverage Velero's S3 encryption options. This situation was not the fault or responsibility of the Velero product, but it was suggested that if Velero enabled the security features "by default", and/or the documentation walked the end-user through the process of enabling the encryption features, then end-users would be more likely to use these features and cluster security would be improved. (By analogy: most home routers now force consumers to set an admin password instead of letting them use a well-known default, which has improved internet security.)

      The specifics of the request would likely be:

      • Installation docs guide the user through enabling the encryption features (i.e. server-side encryption with a KMS key, or client-side encryption; this does not refer to AWS's built-in "encryption at rest" feature, which technically encrypts the data on disk but still lets API users read the plaintext contents of the bucket).
      • Config file defaults are updated to enable the encryption features, and/or require the user to replace placeholder values with real ones (as opposed to "if this field is blank, then the feature is disabled").
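The two specifics above amount to "encryption must be an explicit, non-blank choice". The following added example is not OADP, Velero or AWS code; it is a pre-flight checker that rejects a DataProtectionApplication whose AWS backup location leaves encryption blank or still carries a placeholder, and a companion check for the bucket-side backstop (an S3 bucket policy that denies PutObject without SSE-KMS). It assumes the velero-plugin-for-aws config keys `serverSideEncryption`, `kmsKeyId` and `customerKeyEncryptionFile`, the DPA layout `spec.backupLocations[].velero.{provider,objectStorage.bucket,config}`, and a `REPLACE_ME` placeholder prefix; the sample manifests are constructed.

```python
"""Pre-flight checks for OADP / Velero backups to AWS S3.

Added example for this RFE; not OADP, Velero or AWS code. Assumptions:
  * velero-plugin-for-aws BackupStorageLocation config keys
    `serverSideEncryption`, `kmsKeyId`, `customerKeyEncryptionFile`;
  * DataProtectionApplication layout
    spec.backupLocations[].velero.{provider,objectStorage.bucket,config};
  * "REPLACE_ME" as the placeholder prefix for values the user must fill in.
"""
import json

PLACEHOLDER_PREFIX = "REPLACE_ME"


def _is_set(value) -> bool:
    """True when a config value is present and not a left-over placeholder."""
    return bool(value) and not str(value).startswith(PLACEHOLDER_PREFIX)


def check_bsl_config(config: dict) -> list:
    """Findings for one AWS BackupStorageLocation config; [] means encryption
    is explicitly configured with a KMS key or a customer-provided key."""
    findings = []
    sse = config.get("serverSideEncryption")
    kms_key = config.get("kmsKeyId")
    cse_file = config.get("customerKeyEncryptionFile")

    for name, value in (("kmsKeyId", kms_key), ("customerKeyEncryptionFile", cse_file)):
        if isinstance(value, str) and value.startswith(PLACEHOLDER_PREFIX):
            findings.append(f"{name} still holds placeholder {value!r}")

    has_kms, has_cse = _is_set(kms_key), _is_set(cse_file)
    if has_kms and has_cse:
        findings.append("kmsKeyId and customerKeyEncryptionFile cannot both be set")
    if has_kms and sse not in (None, "aws:kms"):
        findings.append(f"kmsKeyId set but serverSideEncryption is {sse!r}, expected 'aws:kms'")
    if not has_kms and not has_cse:
        # "Blank means disabled" is the default the RFE wants removed. SSE-S3
        # (AES256) alone still hands plaintext to any caller with s3:GetObject.
        findings.append("no kmsKeyId or customerKeyEncryptionFile: "
                        "bucket contents readable in plaintext via the S3 API")
    return findings


def check_dpa(dpa: dict) -> dict:
    """Run check_bsl_config over every AWS backup location of a DPA, keyed by bucket."""
    results = {}
    for i, loc in enumerate(dpa.get("spec", {}).get("backupLocations", [])):
        velero = loc.get("velero", {})
        if velero.get("provider") != "aws":
            continue
        bucket = velero.get("objectStorage", {}).get("bucket") or f"backupLocations[{i}]"
        results[bucket] = check_bsl_config(velero.get("config", {}))
    return results


def policy_denies_unencrypted_put(policy: dict) -> bool:
    """True if an S3 bucket policy rejects PutObject calls that do not request
    SSE-KMS: a bucket-side backstop for a Velero config that left encryption blank."""
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if (stmt.get("Effect") == "Deny"
                and "s3:PutObject" in actions
                and cond.get("s3:x-amz-server-side-encryption") == "aws:kms"):
            return True
    return False


# Constructed sample manifests (not taken from any real cluster).
WEAK_DPA = json.loads("""{"apiVersion": "oadp.openshift.io/v1alpha1",
 "kind": "DataProtectionApplication",
 "spec": {"backupLocations": [{"velero": {"provider": "aws",
   "objectStorage": {"bucket": "etcd-backups", "prefix": "velero"},
   "config": {"region": "us-east-1"}}}]}}""")

HARDENED_DPA = json.loads("""{"apiVersion": "oadp.openshift.io/v1alpha1",
 "kind": "DataProtectionApplication",
 "spec": {"backupLocations": [{"velero": {"provider": "aws",
   "objectStorage": {"bucket": "etcd-backups", "prefix": "velero"},
   "config": {"region": "us-east-1", "serverSideEncryption": "aws:kms",
              "kmsKeyId": "alias/velero-backups"}}}]}}""")

DENY_UNENCRYPTED_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
 "Sid": "DenyPutWithoutKms", "Effect": "Deny", "Principal": "*",
 "Action": "s3:PutObject", "Resource": "arn:aws:s3:::etcd-backups/*",
 "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}}]}""")

if __name__ == "__main__":
    for label, dpa in (("weak", WEAK_DPA), ("hardened", HARDENED_DPA)):
        print(label, check_dpa(dpa))
    print("bucket policy backstop:", policy_denies_unencrypted_put(DENY_UNENCRYPTED_POLICY))
```

Running it prints one finding for the weak manifest (the `region`-only config that today's "blank means disabled" default accepts) and none for the hardened one. The bucket-policy check is the complement the RFE's incident argues for: even if a user ships the blank default, a bucket that rejects unencrypted writes turns the mistake into a failed backup rather than a plaintext copy of etcd secrets.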

      Optional: List affected component/s.

            wnstb Wes Hayutin
            jrussell@redhat.com James Russell
            Sachin Singla Sachin Singla
            Votes: 0
            Watchers: 2