From a6ed8cb3677c27a8a1bb60d7b38c03de508894b6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 24 Oct 2024 10:43:19 +0900 Subject: [PATCH] AUTO: Sync Helm Charts docs to ScalarDB Enterprise docs site repo (#663) Co-authored-by: josh-wong --- ...nfigure-custom-values-scalardb-cluster.mdx | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/versioned_docs/version-3.11/helm-charts/configure-custom-values-scalardb-cluster.mdx b/versioned_docs/version-3.11/helm-charts/configure-custom-values-scalardb-cluster.mdx index 4a74f59c..c431aae1 100644 --- a/versioned_docs/version-3.11/helm-charts/configure-custom-values-scalardb-cluster.mdx +++ b/versioned_docs/version-3.11/helm-charts/configure-custom-values-scalardb-cluster.mdx 
@@ -373,3 +373,46 @@ scalardbCluster: operator: Equal value: scalardb-cluster ``` + +### Encryption configurations (optional based on your environment) + +You can enable [encryption at rest](https://scalardb.scalar-labs.com/docs/latest/scalardb-cluster/encrypt-data-at-rest/) to protect the data in the backend databases. When you use the encryption feature, you have the following two deployment options: + +1. Use HashiCorp Vault (HashiCorp Cloud Platform (HCP) Vault Dedicated) to manage and store the DEKs. +1. Use ScalarDB Cluster to manage the DEK, and store it in Kubernetes Secrets. + +#### Use HashiCorp Vault + +You can use HashiCorp Vault (HCP Vault Dedicated) to encrypt data as follows, replacing the contents in the angle brackets as described: + +```yaml +scalardbCluster: + scalardbClusterNodeProperties: | + ...(omit)... + scalar.db.cluster.encryption.enabled=true + scalar.db.cluster.encryption.type=vault + scalar.db.cluster.encryption.vault.address=https://: + scalar.db.cluster.encryption.vault.token= + scalar.db.cluster.encryption.vault.transit_secrets_engine_path= + encryption: + enabled: true + type: "vault" +``` + +#### Use ScalarDB Cluster and Kubernetes Secrets + +You can use ScalarDB Cluster and Kubernetes Secrets to encrypt data as follows, replacing the contents in the angle brackets as described: + +```yaml +scalardbCluster: + scalardbClusterNodeProperties: | + ...(omit)... + scalar.db.cluster.encryption.enabled=true + scalar.db.cluster.encryption.type=self + scalar.db.cluster.encryption.self.kubernetes.secret.namespace_name=${env:SCALAR_DB_CLUSTER_ENCRYPTION_SELF_KUBERNETES_SECRET_NAMESPACE_NAME} + encryption: + enabled: true + type: "self" +``` + +In this case, you don't need to replace `${env:SCALAR_DB_CLUSTER_ENCRYPTION_SELF_KUBERNETES_SECRET_NAMESPACE_NAME}` since the Helm Chart for ScalarDB Cluster automatically sets the namespace information as an environment variable. 
Because of this, you can keep the value `${env:SCALAR_DB_CLUSTER_ENCRYPTION_SELF_KUBERNETES_SECRET_NAMESPACE_NAME}` as is.
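Review bot: In the "Use HashiCorp Vault" example, `scalar.db.cluster.encryption.vault.token=` is set inline in `scalardbClusterNodeProperties`, so a reader following it will write the Vault token in plain text into the custom values file. Consider documenting the token as an environment-variable reference, using the same `${env:...}` substitution that the `self` example uses for the namespace, with the value sourced from a Kubernetes Secret. The lead-in for that block says to replace the contents in the angle brackets "as described", but no description of the three Vault values follows the block, so please add one for the address, the token and the transit secrets engine path. In the "Use ScalarDB Cluster and Kubernetes Secrets" section the same lead-in sentence is reused even though that block has nothing to replace and the next paragraph says so. The two closing sentences about keeping `${env:SCALAR_DB_CLUSTER_ENCRYPTION_SELF_KUBERNETES_SECRET_NAMESPACE_NAME}` as is repeat each other and can be merged. "DEKs" is used in the option list without being expanded on first use.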