[Solved] Given this encryption config snippet:{ "kind": "EncryptionConfig", "apiVersion": "v1", "resources": [ { "resources": ["secrets"], "providers": [ {"aescbc": {"keys": [{"name": "key1", "secret":... | Kubernetes

Kubernetes - RBAC and Security

Given this encryption config snippet:

{
  "kind": "EncryptionConfig",
  "apiVersion": "v1",
  "resources": [
    {
      "resources": ["secrets"],
      "providers": [
        {"aescbc": {"keys": [{"name": "key1", "secret": "c2VjcmV0MTIzNDU2Nzg5MDEyMw=="}]}},
        {"identity": {}}
      ]
    }
  ]
}

What is the effect of this configuration?

ASecrets are encrypted with a random key each time.

BSecrets are encrypted using AES-CBC with key1 before storage.

CSecrets are stored unencrypted because identity provider is first.

DSecrets are encrypted only in transit, not at rest.

Step-by-Step Solution

Solution:

Step 1: Analyze the providers order
The first provider is aescbc with key1, so encryption uses AES-CBC first.
Step 2: Understand identity fallback
Identity means no encryption fallback if AES-CBC fails, but since AES-CBC is first, secrets are encrypted.
Final Answer:
Secrets are encrypted using AES-CBC with key1 before storage. -> Option B
Quick Check:
First provider encrypts secrets = AES-CBC used [OK]

Quick Trick: First provider encrypts; identity means no encryption fallback. [OK]

Common Mistakes:

Thinking identity provider encrypts data
Assuming random keys are used each time
Confusing encryption at rest with in transit

Master "RBAC and Security" in Kubernetes

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More Kubernetes Quizzes

Given this encryption config snippet:

Step 1: Analyze the providers order

Step 2: Understand identity fallback

Final Answer:

Quick Check:

Want More Practice?