# Kubernetes Secrets Encryption Configuration
# This file configures encryption at rest for Kubernetes secrets
# Used by the API server to encrypt secret data stored in etcd

apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              # 32-byte (256-bit) AES key encoded in base64
              # Generated using: openssl rand -base64 32
              secret: 62um3zP5aidjVSIB0ckAxF/Ms8EDy/Z8LyMGTdMuoSM=
      - identity: {}