Merge pull request #53152 from asme30/encryption-etcd

jab-rh · web-flow · commit b3e628f87f17 · 2022-12-15T17:59:18.000-05:00
encryption restoration details
diff --git a/modules/about-etcd-encryption.adoc b/modules/about-etcd-encryption.adoc
@@ -21,5 +21,7 @@ When you enable etcd encryption, encryption keys are created. These keys are rot
 
 [NOTE]
 ====
-Keep in mind that etcd encryption only encrypts values, not keys. This means that resource types, namespaces, and object names are unencrypted.
+Etcd encryption only encrypts values, not keys. Resource types, namespaces, and object names are unencrypted.
+
+If etcd encryption is enabled during a backup, the `__static_kuberesources_<datetimestamp>.tar.gz__` file contains the encryption keys for the etcd snapshot. For security reasons, store this file separately from the etcd snapshot. However, this file is required to restore a previous state of etcd from the respective etcd snapshot.
 ====
