Details
Improvement
Status: Done
Medium
Resolution: Fixed
Description
With Kubernetes and kustomize you usually have your secrets encrypted. This allows you to store all your critical information in Git (encrypted!). When it comes to deployment, with kustomize you generate the "complete" deployment YAML and just apply it to an environment.
With Percona and your very appreciated "encryption at rest" feature there is, though, a little problem. If the cluster gets deployed, then an "encryption-key" and "mongodb-key" (and others) are generated. It is very likely that the admin forgets to back up these files and is not able to access the data again - which just happened to us.
Could you make these files part of the deployment? For example, like the secret.yaml. So that after a total wipeout, you could just install the customized files in the deploy folder so that the cluster is up and running again?