Skip to main content
Version: 3.1

Shared content for all Kubernetes secrets docs - volume cluster-wide secret

Cluster wide secret key is basically a key value pair where the value part is the secret that is used as a passphrase for encrypting volumes. A cluster wide secret key is the default key that can be used to encrypt all the volumes.

To create a volume using a cluster wide secret key run the following command

pxctl volume create --secure --size 10 encrypted_volume
Volume successfully created: 822124500500459627
pxctl volume list
ID	      	     		NAME		SIZE	HA SHARED	ENCRYPTED	IO_PRIORITY	SCALE	STATUS
822124500500459627 encrypted_volume 10 GiB 1 no yes LOW 1 up - detached

To create a sharedv4 encrypted volume using the cluster wide secret key run the following command

pxctl volume create --sharedv4 --secure --size 10 encrypted_volume
Encrypted Shared volume successfully created: 77957787758406722

You can attach and mount the encrypted volume

pxctl host attach encrypted_volume
Volume successfully attached at: /dev/mapper/pxd-enc822124500500459627
pxctl host mount encrypted_volume /mnt
Volume encrypted_volume successfully mounted at /mnt

When using cluster wide secret key, the secret key does not need to be provided in any of the commands. When no secret key is provided in the pxctl volume commands, Portworx defaults to using the cluster wide secret key if set.