How to Verify if the ETCD Secrets Are Encrypted or Not?
Problem
- How to verify if ETCD secrets are actually encrypted after configuring ETCD secret encryption?
Environment
- Platform9 Managed Kubernetes - v5.2 and above
- Kubernetes v1.20 and above
- Docker or Containerd
Answer
- ETCD secret encryption can be verified with the help of the etcdctl command line utility.
- ETCD secrets are stored at the path /registry/secrets/$namespace/$secret on the master node.
- The command below can be used to verify whether a particular ETCD secret is encrypted or not.
# ETCDCTL_API=3 etcdctl get /registry/secrets/default/secret1 [...] | hexdump -C
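To read the result without judging the hexdump by eye, the following added example (not part of the original article or of Platform9 tooling) classifies the raw output of the etcdctl command above. It relies on the Kubernetes API server prefixing encrypted values with k8s:enc:<provider>:<version>: while unencrypted values start with k8s followed by a NUL byte; the function names and sample bytes are constructed for illustration, and GNU grep is assumed.

```shell
#!/bin/sh
# Added example: classify a raw etcd value piped in on stdin.
# Prints "encrypted:<provider>", "plaintext" or "no-value".
# Returns 0 only when the value carries an encryption prefix.
classify_etcd_secret() {
    tmp=$(mktemp) || return 2
    # etcdctl prints the key on line 1 and the value from line 2 onward
    # (or the value from line 1 with --print-value-only), so the prefix
    # can only legitimately appear at the start of the first two lines.
    head -n 2 > "$tmp"
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no-value"          # key not found, or etcdctl failed
        return 2
    fi
    # -a: treat binary as text; LC_ALL=C: match bytes, not characters.
    prefix=$(LC_ALL=C grep -a -o -m 1 '^k8s:enc:[a-z0-9]*:v[0-9]*:' "$tmp" || true)
    rm -f "$tmp"
    if [ -n "$prefix" ]; then
        provider=${prefix#k8s:enc:}      # e.g. "aescbc:v1:"
        echo "encrypted:${provider%%:*}" # keep only the provider name
        return 0
    fi
    echo "plaintext"
    return 1
}

# Constructed sample: key line, then an aescbc-prefixed value with dummy bytes.
sample_encrypted() {
    printf '/registry/secrets/default/secret1\nk8s:enc:aescbc:v1:key1:\243\017\n\222\001'
}

# Constructed sample: key line, then an unencrypted protobuf-style value.
sample_plaintext() {
    printf '/registry/secrets/default/secret1\nk8s\000\n\014\n\002v1\022\006Secret\022\010password'
}

# Usage on a master node, replacing "| hexdump -C" in the command above:
#   ETCDCTL_API=3 etcdctl get /registry/secrets/default/secret1 [...] | classify_etcd_secret
```

A "plaintext" result for a secret created before encryption was configured is expected until that secret is rewritten, since existing objects are only encrypted on their next write.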