Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-6125

Enable etcd encryption using externally managed key on existing cluster

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • Hosted Control Planes
    • None
    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      1. Proposed title of this feature request Enable etcd encryption using externally managed key on existing cluster
      2. What is the nature and description of the request?

      HCP clusters support 2 types of encryption. When customers have https://hypershift-docs.netlify.app/reference/api/#hypershift.openshift.io/v1beta1.AESCBCSpec type encryption at cluster creation, they'd like to instead use https://hypershift-docs.netlify.app/reference/api/#hypershift.openshift.io/v1beta1.KMSSpec using an key managed externally (by AWS KMS for example)
      3. Why does the customer need this? (List the business requirements here)

      1. Customers today are unable to change this without deleting and recreating the hosted cluster.
      2. It is easier on day-1 cluster creation experience to use AESCBC based encryption because key creation and configuration can add extra step. 

      4. List any affected packages or components.

      HCP, etcd

              racedoro@redhat.com Ramon Acedo
              rh-ee-bchandra Balachandran Chandrasekaran
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                None
                None