1.2.33 Ensure that the --encryption-provider-config argument is set as appropriate

Information

Encrypt etcd key-value store.

Rationale:

etcd is a highly available key-value store used by Kubernetes deployments for persistent storage of all of its REST API objects. These objects are sensitive in nature and should be encrypted at rest to avoid any disclosures.

Impact:

When you enable etcd encryption, the following OpenShift API server and Kubernetes API server resources are encrypted:

- Secrets
- ConfigMaps
- Routes
- OAuth access tokens
- OAuth authorize tokens

When you enable etcd encryption, encryption keys are created. These keys are rotated on a weekly basis. You must have these keys in order to restore from an etcd backup.

Solution

Follow the OpenShift documentation, "Encrypting etcd data" (Authentication, OpenShift Container Platform 4.5), to enable etcd encryption.
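The following Python example is added here and is not part of the benchmark text or of OpenShift's own tooling. It turns this control into an automated check: it reads the APIServer object's `spec.encryption.type` together with the `Encrypted` status condition that the `openshiftapiserver` and `kubeapiserver` operators publish, which are the objects the OpenShift "Encrypting etcd data" procedure tells you to verify. Setting the type only requests encryption; the operators then rewrite existing objects in the background, so the check distinguishes a completed rollout from one still in progress. The three sample objects are constructed for offline use, and the helper names (`audit`, `encryption_type`, `encrypted_condition`, `operator_object`) are assumptions of this example.

```python
"""Automated check for CIS 1.2.33 (etcd encryption) on OpenShift 4.x.

Added example; not part of the benchmark or of OpenShift's own tooling.
On a live cluster the three objects would come from:

    oc get apiserver cluster -o json
    oc get openshiftapiserver cluster -o json
    oc get kubeapiserver cluster -o json

The sample objects at the bottom are constructed, not captured from a cluster.
"""
import json

# Providers that actually encrypt; "identity" (or no type at all) is plaintext.
ENCRYPTING_TYPES = {"aescbc"}


def encryption_type(apiserver: dict) -> str:
    """Return spec.encryption.type of the APIServer object ('identity' if unset)."""
    return apiserver.get("spec", {}).get("encryption", {}).get("type") or "identity"


def encrypted_condition(operator_obj: dict) -> tuple:
    """Return (reason, message) of the status condition whose type is 'Encrypted'."""
    for cond in operator_obj.get("status", {}).get("conditions", []):
        if cond.get("type") == "Encrypted":
            return cond.get("reason", ""), cond.get("message", "")
    return "", ""


def audit(apiserver: dict, openshiftapiserver: dict, kubeapiserver: dict) -> dict:
    """Return {'status': PASS | IN_PROGRESS | FAIL, 'encryption_type': ..., 'findings': [...]}.

    PASS requires an encrypting provider in the spec AND both operators
    reporting reason EncryptionCompleted; a spec change alone is not enough.
    """
    etype = encryption_type(apiserver)
    findings = []
    in_progress = False
    if etype not in ENCRYPTING_TYPES:
        findings.append(f"APIServer spec.encryption.type is {etype!r}: etcd data is stored in plaintext")
    for name, obj in (("openshiftapiserver", openshiftapiserver), ("kubeapiserver", kubeapiserver)):
        reason, message = encrypted_condition(obj)
        if reason == "EncryptionCompleted":
            continue
        if reason == "EncryptionInProgress":
            in_progress = True
        findings.append(f"{name}: Encrypted condition is {reason or 'missing'!r} ({message})")
    if not findings:
        status = "PASS"
    elif etype in ENCRYPTING_TYPES and in_progress:
        status = "IN_PROGRESS"
    else:
        status = "FAIL"
    return {"status": status, "encryption_type": etype, "findings": findings}


def audit_json(apiserver_json: str, openshiftapiserver_json: str, kubeapiserver_json: str) -> dict:
    """Same check, fed directly with the text of the three `oc get ... -o json` calls."""
    return audit(*(json.loads(doc) for doc in (apiserver_json, openshiftapiserver_json, kubeapiserver_json)))


def operator_object(kind: str, reason: str, message: str) -> dict:
    """Constructed operator object carrying a single 'Encrypted' status condition."""
    return {"kind": kind, "metadata": {"name": "cluster"},
            "status": {"conditions": [{"type": "Encrypted", "status": "True",
                                       "reason": reason, "message": message}]}}


# Constructed sample 1: the OpenShift default (no encryption configured).
SAMPLE_DEFAULT = (
    {"kind": "APIServer", "metadata": {"name": "cluster"}, "spec": {"audit": {"profile": "Default"}}},
    operator_object("OpenShiftAPIServer", "EncryptionDisabled", "Encryption is not enabled"),
    operator_object("KubeAPIServer", "EncryptionDisabled", "Encryption is not enabled"),
)

# Constructed sample 2: aescbc requested and both operators finished rewriting.
SAMPLE_ENCRYPTED = (
    {"kind": "APIServer", "metadata": {"name": "cluster"}, "spec": {"encryption": {"type": "aescbc"}}},
    operator_object("OpenShiftAPIServer", "EncryptionCompleted",
                    "All resources encrypted: routes.route.openshift.io, "
                    "oauthaccesstokens.oauth.openshift.io, oauthauthorizetokens.oauth.openshift.io"),
    operator_object("KubeAPIServer", "EncryptionCompleted", "All resources encrypted: secrets, configmaps"),
)

# Constructed sample 3: aescbc requested, Kubernetes API server still migrating.
SAMPLE_ROLLING = (
    SAMPLE_ENCRYPTED[0],
    SAMPLE_ENCRYPTED[1],
    operator_object("KubeAPIServer", "EncryptionInProgress", "Resource secrets is being encrypted"),
)

if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_DEFAULT), ("encrypted", SAMPLE_ENCRYPTED), ("rolling", SAMPLE_ROLLING)):
        result = audit(*sample)
        print(f"{label:10} {result['status']:12} type={result['encryption_type']}")
        for finding in result["findings"]:
            print("   -", finding)
```

Run it as a script to see the three verdicts; in a real audit, replace the constructed samples with the output of the three `oc get ... -o json` commands and treat anything other than PASS as a finding, remembering that IN_PROGRESS is expected for a while right after enabling encryption and during the weekly key rotation.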

Default Value:

By default, etcd data is not encrypted in OpenShift Container Platform.

See Also

https://workbench.cisecurity.org/files/3980