I saw this post from a year back: https://www.digitalocean.com/community/questions/are-kubernetes-secrets-encrypted-on-disk.

It seems like all secrets by default are encrypted by DOKS. Does this include stringData key/value pairs created as Opaque secrets in Kubernetes, i.e., via

kubectl create secret generic foosecret ...

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi there,

Yes, I believe that all data in etcd is encrypted at rest on the backend storage clusters.

If you have an existing cluster, I would recommend checking the versions and making sure that it is running a later version than the ones mentioned in the question that you’ve shared.