Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AUTO: Docs repo sync - Helm Charts #663

Merged
merged 1 commit into from
Oct 24, 2024
Merged

AUTO: Docs repo sync - Helm Charts #663

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions ...oned_docs/version-3.11/helm-charts/configure-custom-values-scalardb-cluster.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -373,3 +373,46 @@ scalardbCluster:
operator: Equal
value: scalardb-cluster
```

### Encryption configurations (optional based on your environment)

You can enable [encryption at rest](https://scalardb.scalar-labs.com/docs/latest/scalardb-cluster/encrypt-data-at-rest/) to protect the data in the backend databases. When you use the encryption feature, you have the following two deployment options:

1. Use HashiCorp Vault (HashiCorp Cloud Platform (HCP) Vault Dedicated) to manage and store the DEKs.
1. Use ScalarDB Cluster to manage the DEK, and store it in Kubernetes Secrets.

#### Use HashiCorp Vault

You can use HashiCorp Vault (HCP Vault Dedicated) to encrypt data as follows, replacing the contents in the angle brackets as described:

```yaml
scalardbCluster:
scalardbClusterNodeProperties: |
...(omit)...
scalar.db.cluster.encryption.enabled=true
scalar.db.cluster.encryption.type=vault
scalar.db.cluster.encryption.vault.address=https://<FQDN_OR_IP_OF_VAULT_SERVER>:<PORT_OF_VAULT_SERVER>
scalar.db.cluster.encryption.vault.token=<TOKEN_OF_VAULT>
scalar.db.cluster.encryption.vault.transit_secrets_engine_path=<PATH_TO_TRANSIT_OF_VAULT>
encryption:
enabled: true
type: "vault"
```

#### Use ScalarDB Cluster and Kubernetes Secrets

You can use ScalarDB Cluster and Kubernetes Secrets to encrypt data as follows, replacing the contents in the angle brackets as described:

```yaml
scalardbCluster:
scalardbClusterNodeProperties: |
...(omit)...
scalar.db.cluster.encryption.enabled=true
scalar.db.cluster.encryption.type=self
scalar.db.cluster.encryption.self.kubernetes.secret.namespace_name=${env:SCALAR_DB_CLUSTER_ENCRYPTION_SELF_KUBERNETES_SECRET_NAMESPACE_NAME}
encryption:
enabled: true
type: "self"
```

In this case, you don't need to replace `${env:SCALAR_DB_CLUSTER_ENCRYPTION_SELF_KUBERNETES_SECRET_NAMESPACE_NAME}` since the Helm Chart for ScalarDB Cluster automatically sets the namespace information as an environment variable. Because of this, you can keep the value `${env:SCALAR_DB_CLUSTER_ENCRYPTION_SELF_KUBERNETES_SECRET_NAMESPACE_NAME}` as is.