Maintained with ☕️ by
IcePanel logo

Public preview: Key Management System integration

Share

Services

AKS now supports Key Management System (KMS) plugin integration which enables encryption at the rest of your Kubernetes data in etcd using Azure Key Vault. You can now store secrets in bring your own key (BYOK) encrypted etcd using KMS. From the Kubernetes documentation on [Encrypting Secret Data at Rest](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/): KMS Plugin for Key Vault is the recommended choice for using a third-party tool for key management. KMS plugin simplifies key rotation, with a new data encryption key (DEK) generated for each encryption, and key encryption key (KEK) rotation controlled by the user. Features: * Use a key in Key Vault for etcd encryption * Bring your own keys * Provide encryption at rest for secrets stored in etcd [Learn more.](https://aka.ms/aks/kmsetcdencryption) * Azure Kubernetes Service (AKS) * Features * Security * [ Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-gb/products/kubernetes-service/)