-
Feature Request
-
Resolution: Done
-
Major
1. Proposed title of this feature request: The ETCD sensitive data encryption to use both aesgcm in place of/ in addition to aescbc.
2. What is the nature and description of the request?
In this doc: https://docs.openshift.com/container-platform/4.8/security/encrypting-etcd.html
We see that only the 'aescbc' encryption type is present.
Also, in this openshift/api yaml;
there are two values accepted by the API: aescbc & identity
Cu is asking for the AES_GCM cipher to be used when applying encryption.
In short, they are requiring ETCD database encryption to be updated to use both aesgcm in place of/ in addition to aescbc.
3. Why does the customer need this? (List the business requirements here).
Currently, the etcd encryption uses the AES-CBC encryption, which is not accepted by the cu's cryptographic standards.
They are wanting AES-256-GCM encryption as per the same standards. Their application will be blocked from going to production if the cryptographic standards are not followed.
4. List any affected packages or components.
None that we know of as yet.
- is cloned by
-
OCPSTRAT-370 Update ETCD datastore encryption to use AES-GCM instead of AES-CBC
- Closed