This message was deleted.
# generala
adamant-kite-43734
09/15/2022, 8:38 PMThis message was deleted.
c
creamy-pencil-82913
09/15/2022, 8:47 PMI then disabled the secrets-encryptHow did you do that exactly? First of all its hardcoded on, second if you turn it off when it’s been previously enabled, everything will break because the apiserver will not be able to decrypt any of the secrets.
creamy-pencil-82913
09/15/2022, 8:52 PMthen used crictl to stop the containerwhich container did you stop? You shouldn’t poke at the control-plane static pods directly. Those should only be managed by rke2. If you change the RKE2 configuration and restart the rke2-server service, the pod configuration will be regenerated and the new configuration applied.
creamy-pencil-82913
09/15/2022, 9:04 PMThe officially approved way to disable it is to use the secrets-encrypt command:
https://docs.rke2.io/subcommands/#secrets-encrypt
creamy-pencil-82913
09/15/2022, 9:04 PMIf you want to edit the config file yourself, you can do so, but it is not currently supported.
i
icy-yak-43924
09/15/2022, 9:11 PMI used the secrets-encrypt disable subcommand, and then restarted the api-server, I want to use a kms or vault but can't seem to add them to the encryption-configuration.json that is why I was trying to overwrite it with my own
c
creamy-pencil-82913
09/15/2022, 9:48 PMI don’t believe we’ve tested that
11 Views