[Solved] Given this snippet from an EncryptionConfiguration file: { "kind": "EncryptionConfiguration", "apiVersion": "apiserver.config.k8s.io/v1", "resources": [ { "resources": ["secrets"], "providers":... | Kubernetes

Kubernetes - Secrets

Given this snippet from an EncryptionConfiguration file:

{
  "kind": "EncryptionConfiguration",
  "apiVersion": "apiserver.config.k8s.io/v1",
  "resources": [
    {
      "resources": ["secrets"],
      "providers": [
        {"aescbc": {"keys": [{"name": "key1", "secret": "c2VjcmV0MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="}]}},
        {"identity": {}}
      ]
    }
  ]
}

What does this configuration do?

AEncrypts Secrets using AES-CBC with key1, falling back to no encryption

BEncrypts all resources except Secrets

CDisables encryption for Secrets

DEncrypts Secrets using identity provider only

Step-by-Step Solution

Solution:

Step 1: Analyze the providers list for Secrets
The providers list has an AES-CBC encryption provider with a key named key1, followed by identity (no encryption) as fallback.
Step 2: Understand the effect on Secrets
This means Secrets are encrypted with AES-CBC using key1; if decryption fails, identity provider returns plain data.
Final Answer:
Encrypts Secrets using AES-CBC with key1, falling back to no encryption -> Option A
Quick Check:
Encryption config with AES-CBC + identity fallback [OK]

Quick Trick: First provider encrypts, second is fallback identity [OK]

Common Mistakes:

Thinking identity means encryption is disabled
Assuming all resources are encrypted, not just Secrets
Confusing provider order effect

Master "Secrets" in Kubernetes

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More Kubernetes Quizzes

Given this snippet from an EncryptionConfiguration file:

Step 1: Analyze the providers list for Secrets

Step 2: Understand the effect on Secrets

Final Answer:

Quick Check:

Want More Practice?