InformationETCD is not enabled by default; enabling it can provide an additional layer of protection.
You can enable etcd encryption for your cluster to provide an additional layer of data security. For example, it can help protect the loss of sensitive data if an etcd backup is exposed to the incorrect parties.
With encrpytion on etcd the following contents are encrypted at rest
OAuth access tokens
OAuth authorize tokens
SolutionModify the API Server Object
oc edit apiserver
Set the encryption field type to aescbc:
spec: encryption: type: aescbc
Save the file to apply the changes.
The encryption process starts. It can take 20 minutes or longer for this process to complete, depending on the size of your cluster.
By default ETCD is not encrypted