Encryption Key Rotation
RKE1 Encryption Key Rotation
Enable encryption key rotation with either of the following two options:
- Select the
Enabledradio button in the Rancher UI under Cluster Options > Advanced Options > Secrets Encryption:
- OR, apply the following YAML:
rancher_kubernetes_engine_config:
services:
kube_api:
secrets_encryption_config:
enabled: true- Select the
Rotate keys in the Rancher UI:
2.1. Click ☰ > Cluster Management.
2.2. Select ⋮ > Rotate Encryption Keys on the far right of the screen next to your chosen cluster:
RKE2 Encryption Key Rotation
New in v2.6.7
Important: Encryption key rotation is enabled by default and cannot be disabled.
To rotate keys in the Rancher UI:
Click ☰ > Cluster Management.
Select ⋮ > Rotate Encryption Keys on the far right of the screen next to your chosen cluster:
Note: For more information on RKE2 secrets encryption config, please see the RKE2 docs.