Bird
0
0

After enabling encryption, you notice older Secrets are still unencrypted in etcd. What should you do?

medium📝 Troubleshoot Q7 of 15
Kubernetes - Secrets
After enabling encryption, you notice older Secrets are still unencrypted in etcd. What should you do?
ARestart etcd to apply encryption retroactively
BManually re-encrypt existing Secrets by updating them
CDelete and recreate the Secrets
DNothing, encryption applies automatically to all Secrets
Step-by-Step Solution
Solution:

  1. Step 1: Understand encryption scope

    Encryption applies only to new or updated Secrets after config is enabled.

  2. Step 2: Re-encrypt existing Secrets

    To encrypt old Secrets, they must be updated or recreated to trigger encryption.

  3. Final Answer:

    Manually re-encrypt existing Secrets by updating them -> Option B

  4. Quick Check:

    Update Secrets to encrypt old data [OK]
Quick Trick: Update Secrets to encrypt existing unencrypted data [OK]
Common Mistakes:
  • Restarting etcd expecting encryption
  • Assuming encryption auto-applies retroactively
  • Deleting Secrets unnecessarily

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Kubernetes Quizzes
ConfigMaps - Creating ConfigMaps from files - Quiz 8hard Health Checks and Probes - Liveness probe concept - Quiz 1easy Health Checks and Probes - HTTP probe configuration - Quiz 13medium Health Checks and Probes - Readiness probe concept - Quiz 6medium Ingress - Ingress controllers (Nginx, Traefik) - Quiz 9hard Networking - Pod-to-Pod communication - Quiz 1easy Resource Management - CPU requests and limits - Quiz 2easy Resource Management - Horizontal Pod Autoscaler - Quiz 6medium Resource Management - CPU requests and limits - Quiz 12easy Secrets - External secret management integration - Quiz 12easy