istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add one more faq for secret encryption (#1096)

This commit is contained in:
Tao Li 2018-03-26 13:04:10 -07:00 committed by Martin Taillefer
parent 5bf91c3554
commit 420be7f865
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
_faq/security/secret-encryption.md Normal file
View File

@ -0,0 +1,10 @@
---
title: Is the secret encrypted for workload key and cert?
order: 125
type: markdown
---
{% include home.html %}
By default, they are base64 encoded but not encrypted. However, the [secret encryption feature](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/) is supported in Kubernetes and you can do it by following the instruction.
Notice that this feature is not enabled yet in Google Container Enginer (GKE). While the data may not be encrypted inside the etcd running on the master node, the contents of the master node itself are encrypted, see [here](https://cloud.google.com/security/encryption-at-rest/default-encryption/#encryption_of_data_at_rest) for more info.