Bug 1678571

Summary: Secrets encrypted for openshift online
Product: OpenShift Online Reporter: Jatan Malde <jmalde>
Component: DocumentationAssignee: Ashley Hardin <ahardin>
Status: CLOSED CURRENTRELEASE QA Contact: Vikram Goyal <vigoyal>
Severity: high Docs Contact: Vikram Goyal <vigoyal>
Priority: unspecified    
Version: 3.xCC: abhgupta, ahardin, aos-bugs, jokerman, mmccomas, vigoyal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-26 18:38:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jatan Malde 2019-02-19 06:21:59 UTC 
Document URL: 

https://docs.openshift.com/online/architecture/index.html#arch-index-how-is-it-secured

Section Number and Name: 

How Is OpenShift Online Secured?

Describe the issue: 

The above section does not includes encryption for secrets which is seen in Openshift 3.11 docs. 

https://docs.openshift.com/container-platform/3.11/admin_guide/encrypting_data.html#encrypting-data-process

Suggestions for improvement: 

Our Openshift online hosting is currently on Openshift 3.11, so if the secrets could be encrypted as mentioned in the above section, the same changes should be added to our Openshift Online documentation. 

Additional information:
Comment 2 Abhishek Gupta 2019-02-21 21:30:11 UTC 
This configuration and encryption is something that Ops would do and would apply for all application secrets. So, we'll need to determine if ops is encrypting user application secrets in Online and, if so, highlight that in our documentation of how we secure Online.
Comment 3 Vikram Goyal 2019-02-22 05:22:57 UTC 
(In reply to Abhishek Gupta from comment #2)
> This configuration and encryption is something that Ops would do and would
> apply for all application secrets. So, we'll need to determine if ops is
> encrypting user application secrets in Online and, if so, highlight that in
> our documentation of how we secure Online.

Abhishek, so did you want me to assign this bug to you for the moment?
Comment 4 Ashley Hardin 2019-02-26 18:38:07 UTC 
I confirmed with our Ops team that this is still experimental. We haven't enabled this in our Online environments, but I will check to see if this is planned for a future release. With that said, no documentation updates are needed at this time.

With that said, I am closing this bug for now.