KeyEncryptionKey resource
This section describes the KeyEncryptionKey custom resource (CR) used in
the MOSK management API to configure backup encryption
keys for a MOSK or management cluster before the
MKE backup is uploaded to remote storage.
The KeyEncryptionKey CR contains the following fields:

- apiVersion: API version of the object, which is kaas.mirantis.com/v1alpha1.
- kind: Object type, which is KeyEncryptionKey.
- metadata: Metadata of the KeyEncryptionKey CR that contains the following fields:
  - name: Name of the KeyEncryptionKey object.
  - namespace: Project name of the cluster that relates to KeyEncryptionKey.
- spec: Specification of the KeyEncryptionKey CR that contains the following fields:
  - secret: Name of the Kubernetes secret that contains the encryption key that is used to encrypt the backup data. Contains the following field:
    - value: Encryption key that is stored in the Kubernetes secret. Must contain a minimum of 32 characters.

Configuration example of a KeyEncryptionKey object before creation:
apiVersion: kaas.mirantis.com/v1alpha1
kind: KeyEncryptionKey
metadata:
  name: swift-s3
  namespace: default
spec:
  secret:
    value: <ENCRYPTION_KEY>
Configuration example of a KeyEncryptionKey object after creation
containing the mutated metadata and spec sections:
apiVersion: kaas.mirantis.com/v1alpha1
kind: KeyEncryptionKey
metadata:
  creationTimestamp: "2025-12-17T14:09:25Z"
  generation: 1
  name: swift-s3
  namespace: default
  resourceVersion: "19368149"
  uid: 0ebd8f7b-cff3-4efe-af16-7d9bd2229cd3
spec:
  secret:
    secret:
      key: value
      name: swift-s3-dgpvv
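
The following is an added example, not part of the original page or of Mirantis tooling: a shell helper that generates a random key and renders the pre-creation manifest shown above, refusing any key shorter than the documented 32-character minimum. The function names, the hex key format, and the restricted character set are assumptions of this example.

```shell
# Added example (not Mirantis code): build a KeyEncryptionKey manifest safely.
MIN_KEY_CHARS=32   # documented minimum length of spec.secret.value

# Print 64 hex characters (32 bytes from the kernel CSPRNG).
gen_key() {
  od -An -v -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# Succeed only for keys of at least MIN_KEY_CHARS characters.
# Assumption of this example: the key is limited to base64/hex-style
# characters so it can be embedded in a double-quoted YAML scalar unescaped.
key_ok() {
  [ "${#1}" -ge "$MIN_KEY_CHARS" ] || return 1
  case $1 in
    *[!A-Za-z0-9+/=_-]*) return 1 ;;
  esac
  return 0
}

# render_kek NAME NAMESPACE KEY
# Writes the pre-creation manifest to stdout; returns 1 on a rejected key.
render_kek() {
  kek_name=$1
  kek_namespace=$2
  kek_key=$3
  if ! key_ok "$kek_key"; then
    echo "key rejected: need >= $MIN_KEY_CHARS chars from [A-Za-z0-9+/=_-]" >&2
    return 1
  fi
  # The value is quoted so an all-digit key is not parsed as a YAML number.
  cat <<EOF
apiVersion: kaas.mirantis.com/v1alpha1
kind: KeyEncryptionKey
metadata:
  name: $kek_name
  namespace: $kek_namespace
spec:
  secret:
    value: "$kek_key"
EOF
}
```

Piping `render_kek swift-s3 default "$(gen_key)"` into `kubectl create -f -` against the management cluster (an assumed workflow) keeps the plaintext key out of files on disk. `kubectl create` is used here rather than `kubectl apply` because client-side apply records the submitted manifest, key included, in the `kubectl.kubernetes.io/last-applied-configuration` annotation.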