Home > Software design >  Are encrypted at rest Secrets stored encrypted inside the pod in Kubernetes?
Are encrypted at rest Secrets stored encrypted inside the pod in Kubernetes?

Time:04-12

Let's assume that I have implemented encryption at rest using a KMS provider and have encrypted my secrets within the etcd. Furthermore, let's assume that I have specified that secrets shall be mounted as files onto the pods.

Are the secrets going to be stored encrypted inside the secrets file in the pod?

CodePudding user response:

The secret data is stored in encrypted form in etcd only. Upon retrieval the Kubernetes API server decrypts it before it is used downstream, which is, pod in your question. In general, encryption at rest encrypts upon write to the said storage medium and decrypts upon read. The pod is not the reader, api server is.

https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#verifying-that-data-is-encrypted

Page link:https//www.codepudding.com/Softwaredesign/369327.html

Prev:CustomPaint Erase shape on hit with fade effect
Next:Kubernetes v1.18 on GKE end of life
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding