You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(due to accidental publishing of a full machineconfig to a public github repository)
I was blocked by the inability to modify the encryptionconfig.yaml file to have the older keys in it to transition to a newly generated key.
This seems like something that would be nice to be supported in talosctl, or at least, the ability to add multiple encryption secrets to the machineconfig for the purposes of key rotation.
I've attempted the procedure manually by trying to specify a custom encryptionconfig file that has been inserted via files[], but apparently that argument is protected by talos and I am unable to override it.
The text was updated successfully, but these errors were encountered:
Feature Request
Description
While trying to implement the procedure as described at
https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#rotating-a-decryption-key
(due to accidental publishing of a full machineconfig to a public github repository)
I was blocked by the inability to modify the encryptionconfig.yaml file to have the older keys in it to transition to a newly generated key.
This seems like something that would be nice to be supported in talosctl, or at least, the ability to add multiple encryption secrets to the machineconfig for the purposes of key rotation.
I've attempted the procedure manually by trying to specify a custom encryptionconfig file that has been inserted via files[], but apparently that argument is protected by talos and I am unable to override it.
The text was updated successfully, but these errors were encountered: