Loading...

XML

Word

Printable

Type: Feature
Resolution: Obsolete
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Core
Labels:

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Parent Link:
OCPSTRAT-714Comprehensive overhaul of handling OCP internal cert & keys
Hierarchy Progress:
60
Hierarchy Progress Bar:

60% 60%
Size:
XL

RICE Score:
0
Risk Score:
0

Discussion Needed:

Program Call

SFDC Cases Links:
SFDC Cases Counter:

PX Priority Data:
PX Technical Impact:
PX Impact Range:
PX Scheduling Request:
PX Review Complete:

Intelligence Requested:
Market:

Feature Overview (aka. Goal Summary)

Goals (aka. expected user outcomes)

Minimize the impact of encryption keys rotation
Investigate the impact of losing the primary encryption key
Improve CI job for e2e encryption
Test and document how long an encrypted etcd backup can be accessed
Investigate hitless updates of encryption configuration for api server
Document process for manual forced encryption key rotation
Improvements to ancillary dependencies (e.g. go-lang library)

Requirements (aka. Acceptance Criteria):

rotation of encryption keys should be a non-event even for a high cluster with high level of transactions

depends on

API-1534 Reduce impact of encryption key rotations

Planning

is incorporated by

API-1569 Stabilize encryption at rest

New

is related to

OCPSTRAT-555 Improvements to ETCD datastore encryption [from OCPBU-81]

Closed

relates to

OCPSTRAT-319 Explore options for hitless automatic defrag of etcd

Backlog

Assignee:: William Caban

Reporter:: William Caban

QA Contact:: Wei Sun

Doc Contact:: Stephanie Stout

Product Experience Engineering Contact:: Eric Rich

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023/03/31 8:23 PM

Updated:: 2024/04/25 4:24 PM

Resolved:: 2024/04/25 4:24 PM