With Kubernetes 1.27, we (SIG Auth) are moving Key Management Service (KMS) v2 API to beta. What is KMS? One of the first things to consider when securing a Kubernetes cluster is encrypting etcd data at rest. KMS provides an interface for a provider to utilize a key stored in an external key service to perform this encryption. KMS v1 has been a feature of Kubernetes since version 1.10, and is currently in beta as of version v1.| Kubernetes
All of the APIs in Kubernetes that let you write persistent API resource data support at-rest encryption. For example, you can enable at-rest encryption for Secrets. This at-rest encryption is additional to any system-level encryption for the etcd cluster or for the filesystem(s) on hosts where you are running the kube-apiserver. This page shows how to enable and configure encryption of API data at rest. Note:This task covers encryption for resource data stored using the Kubernetes API.| Kubernetes