CouchbaseEncryptionKey Resource

    The CouchbaseEncryptionKey resource is used to manage encryption keys for a Couchbase cluster. CouchbaseEncryptionKey is the Schema for the couchbaseencryptionkeys API.

    The following is an example resource, depicting the overall structure and any defaults (consult the field reference for valid values for "empty" values, such as empty strings etc.):

    couchbaseencryptionkeys.apiVersion

    Constraints

    Type: string

    Description

    APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.

    couchbaseencryptionkeys.kind

    Constraints

    Type: string

    Description

    Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.

    couchbaseencryptionkeys.metadata

    Constraints

    Required

    Type: object

    Description

    Standard object metadata as defined for all Kubernetes types.

    For additional details see the Kubernetes reference documentation.

    couchbaseencryptionkeys.metadata.name

    Constraints

    Type: string

    Description

    The name of a resource. This must be unique for the kind of resource within the namespace.

    All resources must have a name. The name may be omitted and metadata.generateName used instead to generate a unique resource name.

    For additional details on resource names, see the Kubernetes reference documentation.

    couchbaseencryptionkeys.metadata.namespace

    Constraints

    Type: string

    Description

    The namespace the resource resides in. All resources reside in a namespace.

    The namespace is optional and may be specified in YAML configuration to override the namespace supplied by kubectl.

    For additional details on namespaces, see the Kubernetes reference documentation.

    couchbaseencryptionkeys.metadata.labels

    Constraints

    Type: map[string]string

    Description

    Labels allow resources to be labeled with key/value pairs of data. Labels are indexed and allow resources to be selected based upon specified labels.

    Labels are relevant for certain types when using label selection within your resources.

    For additional details on labels and selectors, see the Kubernetes reference documentation.

    couchbaseencryptionkeys.metadata.annotations

    Constraints

    Type: map[string]string

    Description

    Annotations allow resources to be annotated with key/value pairs of data. Annotations are arbitrary and not indexed, so they cannot be used to select resources; however, they may be used to add context or accounting to your resources.

    For additional details on annotations, see the Kubernetes reference documentation.

    couchbaseencryptionkeys.spec

    Constraints

    Type: object

    Description

    CouchbaseEncryptionKeySpec defines the desired state of CouchbaseEncryptionKey.

    couchbaseencryptionkeys.spec.autoGenerated

    Constraints

    Type: object

    Description

    AutoGenerated defines settings for auto-generated keys. This field is only valid when KeyType is "AutoGenerated".

    couchbaseencryptionkeys.spec.autoGenerated.canBeCached

    Constraints

    Required

    Type: boolean

    Default: True

    Description

    CanBeCached defines whether the key can be cached.

    couchbaseencryptionkeys.spec.autoGenerated.encryptWithKey

    Constraints

    Type: string

    Description

    EncryptWithKey is the name of another encryption key to use to encrypt the auto-generated key. If not provided, the key will be encrypted with the master password.

    couchbaseencryptionkeys.spec.autoGenerated.rotation

    Constraints

    Type: object

    Description

    Rotation defines the rotation settings for the auto-generated key. If not provided, the key will not be rotated.

    couchbaseencryptionkeys.spec.autoGenerated.rotation.intervalDays

    Constraints

    Required

    Type: integer

    Minimum: 1

    Description

    IntervalDays defines the rotation interval in days.

    couchbaseencryptionkeys.spec.autoGenerated.rotation.startTime

    Constraints

    Type: string

    Description

    StartTime defines when rotation should start (timestamp).

    couchbaseencryptionkeys.spec.awsKey

    Constraints

    Type: object

    Description

    AwsKey defines settings for AWS KMS keys. This field is only valid when KeyType is "AWS".

    couchbaseencryptionkeys.spec.awsKey.credentialsSecret

    Constraints

    Type: string

    Description

    CredentialSecret is the name of the secret containing AWS credentials. The secret must contain a key with the name "credentials" with the data value of the AWS credentials file.

    couchbaseencryptionkeys.spec.awsKey.keyARN

    Constraints

    Required

    Type: string

    Description

    KeyArn is the ARN of the AWS KMS key.

    couchbaseencryptionkeys.spec.awsKey.keyRegion

    Constraints

    Type: string

    Description

    KeyRegion is the AWS region where the key is located.

    couchbaseencryptionkeys.spec.awsKey.profileName

    Constraints

    Type: string

    Description

    ProfileName is the name of the profile to use from the credentials secret.

    couchbaseencryptionkeys.spec.awsKey.useIMDS

    Constraints

    Type: boolean

    Description

    UseImds defines whether to use IMDS for authentication.

    couchbaseencryptionkeys.spec.keyType

    Constraints

    Required

    Type: string

    Enumerations: AutoGenerated, AWS, KMIP

    Description

    KeyType defines the type of encryption key. This field is immutable after creation.

    couchbaseencryptionkeys.spec.kmipKey

    Constraints

    Type: object

    Description

    KmipKey defines settings for KMIP keys. This field is only valid when KeyType is "KMIP".

    couchbaseencryptionkeys.spec.kmipKey.clientSecret

    Constraints

    Required

    Type: string

    Description

    ClientSecret is the name of the secret containing the client private key, certificate and passphrase. The secret must contain the keys "tls.crt", "tls.key", and "passphrase", holding respectively the client certificate, the client key in encrypted PKCS#8 format, and the passphrase for the key.

    couchbaseencryptionkeys.spec.kmipKey.encryptionApproach

    Constraints

    Type: string

    Enumerations: NativeEncryptDecrypt, LocalEncrypt

    Description

    EncryptionApproach defines the encryption approach to use.

    couchbaseencryptionkeys.spec.kmipKey.host

    Constraints

    Required

    Type: string

    Description

    Host is the KMIP server host.

    couchbaseencryptionkeys.spec.kmipKey.keyID

    Constraints

    Type: string

    Description

    KeyID is the KMIP key identifier.

    couchbaseencryptionkeys.spec.kmipKey.port

    Constraints

    Required

    Type: integer

    Minimum: 1

    Maximum: 65536

    Description

    Port is the KMIP server port.

    couchbaseencryptionkeys.spec.kmipKey.timeoutInMs

    Constraints

    Required

    Type: integer

    Minimum: 1000

    Maximum: 300000

    Description

    TimeoutInMs is the timeout in milliseconds.

    couchbaseencryptionkeys.spec.kmipKey.verifyWithCouchbaseCA

    Constraints

    Required

    Type: boolean

    Default: True

    Description

    VerifyWithCouchbaseCA defines whether to verify with Couchbase CA.

    couchbaseencryptionkeys.spec.kmipKey.verifyWithSystemCA

    Constraints

    Required

    Type: boolean

    Default: True

    Description

    VerifyWithSystemCA defines whether to verify with system CA.

    couchbaseencryptionkeys.spec.usage

    Constraints

    Required

    Type: object

    Default: {'allBuckets': True, 'audit': True, 'configuration': True, 'key': True, 'log': True}

    Description

    Usage defines what the encryption key should be used for.

    couchbaseencryptionkeys.spec.usage.allBuckets

    Constraints

    Required

    Type: boolean

    Default: True

    Description

    AllBuckets defines whether the key should be used for all buckets.

    couchbaseencryptionkeys.spec.usage.audit

    Constraints

    Required

    Type: boolean

    Default: True

    Description

    Audit defines whether the key should be used for audit.

    couchbaseencryptionkeys.spec.usage.configuration

    Constraints

    Required

    Type: boolean

    Default: True

    Description

    Configuration defines whether the key should be used for configurations.

    couchbaseencryptionkeys.spec.usage.key

    Constraints

    Required

    Type: boolean

    Default: True

    Description

    Key defines whether the key should be used for keys.

    couchbaseencryptionkeys.spec.usage.log

    Constraints

    Required

    Type: boolean

    Default: True

    Description

    Log defines whether the key should be used for logs.
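
    The field constraints above can be checked before a manifest reaches the cluster. The following linter is an added example, not part of the operator or its documentation: it enforces the keyType enumeration, the "only valid when KeyType is ..." rules, the required fields that have no default, and the documented numeric ranges, and it warns on the two documented fallbacks (no rotation, encryption with the master password). The function name, the manifest-as-dict form, and all resource names and hosts are assumptions made for illustration.

```python
# Lint a CouchbaseEncryptionKey manifest (as a dict) against this reference.
SUBSPEC = {"AutoGenerated": "autoGenerated", "AWS": "awsKey", "KMIP": "kmipKey"}
REQUIRED = {"awsKey": ["keyARN"],  # required fields that have no default
            "kmipKey": ["clientSecret", "host", "port", "timeoutInMs"]}
RANGES = {"port": (1, 65536), "timeoutInMs": (1000, 300000)}  # as documented


def lint(manifest):
    """Return (errors, warnings) for one manifest."""
    errors, warnings = [], []
    spec = manifest.get("spec", {})
    key_type = spec.get("keyType")
    if key_type not in SUBSPEC:
        return [f"spec.keyType must be one of {sorted(SUBSPEC)}"], warnings
    active = SUBSPEC[key_type]
    for name in SUBSPEC.values():
        if name != active and name in spec:
            errors.append(f"spec.{name} is not valid when keyType is {key_type}")
    sub = spec.get(active, {})
    for field in REQUIRED.get(active, []):
        if field not in sub:
            errors.append(f"spec.{active}.{field} is required")
    for field, (low, high) in RANGES.items():
        if active == "kmipKey" and field in sub and not low <= sub[field] <= high:
            errors.append(f"spec.kmipKey.{field} must be in {low}..{high}")
    if active == "autoGenerated":
        rotation = sub.get("rotation")
        if rotation is None:
            warnings.append("no rotation block: the key will not be rotated")
        elif rotation.get("intervalDays", 0) < 1:
            errors.append("rotation.intervalDays is required and must be >= 1")
        if not sub.get("encryptWithKey"):
            warnings.append("no encryptWithKey: master password encrypts the key")
    return errors, warnings


# Constructed sample manifests; every name and host is a placeholder.
GOOD = {"kind": "CouchbaseEncryptionKey", "metadata": {"name": "bucket-key"},
        "spec": {"keyType": "AutoGenerated",
                 "autoGenerated": {"canBeCached": True, "encryptWithKey": "root-key",
                                   "rotation": {"intervalDays": 90}}}}
BAD = {"kind": "CouchbaseEncryptionKey", "metadata": {"name": "kmip-key"},
       "spec": {"keyType": "KMIP", "autoGenerated": {},
                "kmipKey": {"host": "kmip.example.internal", "port": 70000,
                            "timeoutInMs": 500}}}

if __name__ == "__main__":
    for m in (GOOD, BAD):
        print(m["metadata"]["name"], *lint(m), sep="\n  ")
```

    The port upper bound follows the schema as documented on this page.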