modules/etcd-encryption-types.adoc

// Module included in the following assemblies:
//
// * security/encrypting-etcd.adoc
// * post_installation_configuration/cluster-tasks.adoc

:_mod-docs-content-type: CONCEPT
[id="etcd-encryption-types_{context}"]
= Supported encryption types

The following encryption types are supported for encrypting etcd data in {product-title}:

AES-CBC:: Uses AES-CBC with PKCS#7 padding and a 32 byte key to perform the encryption. The encryption keys are rotated weekly.

AES-GCM:: Uses AES-GCM with a random nonce and a 32 byte key to perform the encryption. The encryption keys are rotated weekly.
OSDOCS-5333: Adding AES-GCM encryption option 2023-02-20 13:37:50 -05:00			`// Module included in the following assemblies:`
			`//`
			`// * security/encrypting-etcd.adoc`
			`// * post_installation_configuration/cluster-tasks.adoc`

[enterprise-4.14] changing content type attribute 2023-10-30 10:13:25 -04:00			`:_mod-docs-content-type: CONCEPT`
OSDOCS-5333: Adding AES-GCM encryption option 2023-02-20 13:37:50 -05:00			`[id="etcd-encryption-types_{context}"]`
			`= Supported encryption types`

			`The following encryption types are supported for encrypting etcd data in {product-title}:`

			`AES-CBC:: Uses AES-CBC with PKCS#7 padding and a 32 byte key to perform the encryption. The encryption keys are rotated weekly.`

			`AES-GCM:: Uses AES-GCM with a random nonce and a 32 byte key to perform the encryption. The encryption keys are rotated weekly.`