Encrypting secrets
A secret is confidential information used by Kubernetes clusters when managing pods, such as OAuth keys, passwords, or SSH keys. By default, Kubernetes stores secrets as plain text. For more information, see the Kubernetes documentation.
To protect secrets, Managed Service for Kubernetes enables you to encrypt them using encryption keys from Yandex Key Management Service. Key operations go through the Kubernetes Key Management Service provider mechanism.
Managed Service for Kubernetes uses the Key Management Service plugin for key encryption and decryption. Secrets are encrypted using standard Kubernetes tools.
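A simplified model of the split described above, as an added Node.js example that is not Kubernetes or Yandex Cloud code: the secret is encrypted on the cluster side with a fresh data key (DEK), and only that DEK is handed to the holder of the KMS key. The function names, the stored layout (nonce, tag, ciphertext) and the sample key and secret are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// seal: AES-256-GCM; output layout is nonce (12) || auth tag (16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// open: reverses seal; throws on a wrong key or modified data.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed value too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Hypothetical stand-in for the KMS plugin: the only component that holds
// the KMS key, and it only ever sees data keys, never the secrets themselves.
function makeKmsPlugin(kmsKey) {
  return {
    encrypt: (dek) => seal(kmsKey, dek),
    decrypt: (wrappedDek) => open(kmsKey, wrappedDek),
  };
}

// Cluster side: a fresh DEK per secret; the DEK is stored only in wrapped form.
function encryptSecret(kms, secret) {
  const dek = nodeCrypto.randomBytes(32);
  return {
    wrappedDek: kms.encrypt(dek),
    ciphertext: seal(dek, Buffer.from(secret, 'utf8')),
  };
}

// Reading a secret needs the KMS key first: unwrap the DEK, then decrypt.
function decryptSecret(kms, envelope) {
  const dek = kms.decrypt(envelope.wrappedDek);
  return open(dek, envelope.ciphertext).toString('utf8');
}

// Constructed sample key and secret, for demonstration only.
const demoKms = makeKmsPlugin(Buffer.alloc(32, 0x42));
const demoEnvelope = encryptSecret(demoKms, 'constructed-sample-password');
console.log(demoEnvelope.wrappedDek.length, decryptSecret(demoKms, demoEnvelope));
```

Without access to the KMS key, the stored envelope cannot be opened, which is why losing or disabling that key makes the encrypted secrets unreadable.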
Specify a Key Management Service encryption key when creating a Kubernetes cluster, since it cannot be added later.
Step-by-step instructions for Key Management Service key management are provided in the relevant section.