bakery-ia/infrastructure/platform/security/encryption/encryption-config.yaml

# Kubernetes Secrets Encryption Configuration
# This file configures encryption at rest for Kubernetes secrets
# Used by the API server to encrypt secret data stored in etcd

apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              # 32-byte (256-bit) AES key encoded in base64
              # Generated using: openssl rand -base64 32
              secret: 62um3zP5aidjVSIB0ckAxF/Ms8EDy/Z8LyMGTdMuoSM=
      - identity: {}
Add new infra architecture 2026-01-19 11:55:17 +01:00			`# Kubernetes Secrets Encryption Configuration`
			`# This file configures encryption at rest for Kubernetes secrets`
			`# Used by the API server to encrypt secret data stored in etcd`

			`apiVersion: apiserver.config.k8s.io/v1`
			`kind: EncryptionConfiguration`
			`resources:`
			`- resources:`
			`- secrets`
			`providers:`
			`- aescbc:`
			`keys:`
			`- name: key1`
			`# 32-byte (256-bit) AES key encoded in base64`
			`# Generated using: openssl rand -base64 32`
			`secret: 62um3zP5aidjVSIB0ckAxF/Ms8EDy/Z8LyMGTdMuoSM=`
			`- identity: {}`