Kubernetes
Practical
By Samson Tanimawo, PhD
Published Nov 10, 2025
4 min read
Secret Encryption at Rest
K8s Secrets can be encrypted at rest. The setup.
Live workflow · 3 working · 1 queuedLive
Signal · gather Working
Decide · pick action Working
Apply · with verify Working
Learn · update playbook Queued
Config
EncryptionConfiguration in api-server.
KMS provider for key management.
Verify
etcdctl get secrets/foo shows encrypted blob.
Direct verification.
Rotation
Quarterly key rotation. Re-encrypt existing.
Documented procedure.