Uploaded image for project: 'Percona Operator for MongoDB'
  1. Percona Operator for MongoDB
  2. K8SPSMDB-698

Encryption key is generated and is vulnerable getting lost

Details

    • Improvement
    • Status: Done
    • Medium
    • Resolution: Fixed
    • None
    • None
    • None
    • None
    • Yes

    Description

      With kubernetes and kustomize you usually have your secrets encrypted. This allows you to store all your critical information in GIT (encrypted !). When it comes to deployment then with kustomize you generate the "complete" deployment yaml and just apply it to an environment.

      With Percona and your very appreciated "encryption at rest" feature there is though a little problem. If the cluster gets deployed then a "encryption-key" and "mongodb-key" (and others) are generated. It is very likely that the admin forgets to backup these files and is not be able to access the data again - which just happened to us.

      Could you make these files as part of the deployment ? For example like the secret.yaml. So that after a total wipeout, you could just install the customized files in deploy folder so that the cluster is up and running again ?

      Attachments

        Activity

          People

            Unassigned Unassigned
            jamoser John Moser
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Smart Checklist