Encryption Key Rotation

RKE1 Encryption Key Rotation

  1. Enable encryption key rotation with either of the following two options:

    • Select the Enabled radio button in the Rancher UI under Cluster Options > Advanced Options > Secrets Encryption:

    [Screenshot: Enable Encryption Key Rotation]

    • OR, apply the following YAML:
      rancher_kubernetes_engine_config:
        services:
          kube_api:
            secrets_encryption_config:
              enabled: true

  2. Rotate keys in the Rancher UI:

    2.1. Click ☰ > Cluster Management.

    2.2. Select ⋮ > Rotate Encryption Keys on the far right of the screen next to your chosen cluster:

    [Screenshot: Encryption Key Rotation]

RKE2 Encryption Key Rotation

New in v2.6.7

Important: Encryption key rotation is enabled by default and cannot be disabled.

To rotate keys in the Rancher UI:

  1. Click ☰ > Cluster Management.

  2. Select ⋮ > Rotate Encryption Keys on the far right of the screen next to your chosen cluster:

    [Screenshot: Encryption Key Rotation]

Note: For more information on RKE2 secrets encryption config, please see the RKE2 docs.