4 Encrypting data at rest

This chapter covers

  • Data encryption at rest for Kubernetes cluster storage
  • Enabling the KMS provider for data encryption

In chapter 3, you learned how to protect secrets when storing them in Git, but this is just one place secrets can be stored. In this chapter, we’ll discuss storing them inside the Kubernetes cluster.

We’ll demonstrate that secrets are not encrypted by default by directly querying the etcd database. Then we’ll walk through the process of encrypting data at rest as well as enabling it in Kubernetes to encrypt secrets (figure 4.1).

Figure 4.1 From plain text secrets to encrypted secrets

Finally, we ...
