mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-06 06:46:26 +01:00
20 lines
838 B
Plaintext
20 lines
838 B
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/encrypting-etcd.adoc
|
|
// * post_installation_configuration/cluster-tasks.adoc
|
|
|
|
[id="about-etcd_{context}"]
|
|
= About etcd encryption
|
|
|
|
By default, etcd data is not encrypted in {product-title}. You can enable etcd encryption for your cluster to provide an additional layer of data security. For example, it can help protect the loss of sensitive data if an etcd backup is exposed to the incorrect parties.
|
|
|
|
When you enable etcd encryption, the following OpenShift API server and Kubernetes API server resources are encrypted:
|
|
|
|
* Secrets
|
|
* ConfigMaps
|
|
* Routes
|
|
* OAuth access tokens
|
|
* OAuth authorize tokens
|
|
|
|
When you enable etcd encryption, encryption keys are created. These keys are rotated on a weekly basis. You must have these keys in order to restore from an etcd backup.
|