I use the Terraform EKS module, terraform-aws-modules/eks/aws (version: 18.30.1). I would like to enable Secrets encryption for EKS cluster. I added lines as follows in my code.
create_kms_key = true
kms_key_description = "KMS Secrets encryption for EKS cluster."
kms_key_enable_default_policy = true
After I terraform apply, the "Secrets encryption" is still off. I read the document. No clue what is missing.
Thanks for the answer. Lines as follows solved the problem.
create_kms_key = true
cluster_encryption_config = [{
resources = ["secrets"]
}]
kms_key_description = "KMS Secrets encryption for EKS cluster."
kms_key_enable_default_policy = true