Merge pull request #18542 from codyhoag/etcd-release-notes

Add etcd data encryption info to release notes

release_notes/ocp-4-3-release-notes.adoc

@@ -77,6 +77,35 @@ to customers based on data from the Red Hat Service Reliability Engineering
 (SRE) team, you might not immediately see notification in the web console that
 updates from version 4.2.z to 4.3 are available at initial release.
 
+[id="ocp-4-3-security"]
+=== Security
+
+[id="ocp-4-3-cert-rotation"]
+==== Automatic rotation of certificates
+
+Automated CA rotation will be available in this release in a future z-stream
+update. This is to allow time for administrators to plan accordingly for their environments.
+
+[id="ocp-4-3-encrypt-data-stored-in-etcd"]
+==== Encrypt data stored in etcd
+
+You can now xref:../authentication/encrypting-etcd.adoc#encrypting-etcd[encrypt data stored in etcd].
+Enabling etcd encryption for your cluster provides an additional layer of data
+security.
+
+When you enable etcd encryption, the following OpenShift API server and
+Kubernetes API server resources are encrypted:
+
+* Secrets
+
+* ConfigMaps
+
+* Routes
+
+* OAuth access tokens
+
+* OAuth authorize tokens
+
 [id="ocp-4-3-cluster-monitoring"]
 === Cluster monitoring
 
@@ -161,15 +190,6 @@ Preview, are now fully supported in {product-title} 4.3.
 Using the Container Storage Interface (CSI) to expand storage volumes after they
 have already been created is now enabled by default in Technology Preview.
 
-[id="ocp-4-3-certificates"]
-=== Certificates
-
-[id="ocp-4-3-cert-rotation"]
-==== Automatic rotation of certificates
-
-Automated CA rotation will be available in this release in a future z-stream
-update. This is to allow time for administrators to plan accordingly for their environments.
-
 [id="ocp-4-3-operators"]
 === Operators
 
@@ -523,7 +543,7 @@ indicate that the feature is removed from the release or deprecated.
 |TP
 |TP
 
-|SR-IOV network Operator
+|SR-IOV Network Operator
 |
 |TP
 |GA