terraform, amazon-eks, amazon-kms

How to enable Secrets encryption on EKS cluster?


I use the Terraform EKS module, terraform-aws-modules/eks/aws (version: 18.30.1). I would like to enable Secrets encryption for the EKS cluster. I added the following lines to my code.

  create_kms_key                = true
  kms_key_description           = "KMS Secrets encryption for EKS cluster."
  kms_key_enable_default_policy = true

After I run terraform apply, the "Secrets encryption" is still off. I read the documentation. No clue what is missing.


Solution

  • Thanks for the answer. The following lines solved the problem.

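      # Arguments inside the module block for terraform-aws-modules/eks/aws
      create_kms_key = true
      # Added line: names the resources to encrypt
      cluster_encryption_config = [{
        resources = ["secrets"]
      }]

      kms_key_description           = "KMS Secrets encryption for EKS cluster."
      kms_key_enable_default_policy = true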
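
The gap described in the question (a KMS key is created but the cluster gets no encryption configuration) can be caught before apply by inspecting the plan. The script below is an added example, not part of the original post or of the module: it reads the JSON produced by `terraform show -json` and lists every `aws_eks_cluster` whose `encryption_config` does not cover `secrets`. The sample plan, its addresses and the module name `eks_legacy` are constructed for illustration.

```python
import json
import sys

# Constructed sample, trimmed to the fields used here, in the shape of
# `terraform show -json tfplan`. Addresses and module names are made up.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {"child_modules": [
        {"address": "module.eks", "resources": [{
            "address": "module.eks.aws_eks_cluster.this[0]",
            "type": "aws_eks_cluster",
            # key_arn is unknown until apply, so the provider block is empty
            "values": {"encryption_config": [
                {"provider": [{}], "resources": ["secrets"]}]},
        }]},
        {"address": "module.eks_legacy", "resources": [{
            "address": "module.eks_legacy.aws_eks_cluster.this[0]",
            "type": "aws_eks_cluster",
            "values": {"encryption_config": []},  # KMS key only, as in the question
        }]},
    ]}}
}


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def clusters_without_secrets_encryption(plan):
    """Return addresses of aws_eks_cluster resources that do not encrypt secrets."""
    root = plan.get("planned_values", {}).get("root_module", {})
    missing = []
    for res in iter_resources(root):
        if res.get("type") != "aws_eks_cluster":
            continue
        blocks = res.get("values", {}).get("encryption_config") or []
        if not any("secrets" in (b.get("resources") or []) for b in blocks):
            missing.append(res["address"])
    return missing


if __name__ == "__main__":
    # Usage: terraform show -json tfplan > plan.json; python check.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    bad = clusters_without_secrets_encryption(plan)
    print("missing secrets encryption:", bad or "none")
    sys.exit(1 if bad else 0)
```

The non-zero exit status lets the check fail a CI job when a cluster in the plan lacks secrets encryption.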