This message was deleted.

no, you can still provide your own secrets encryption config as covered in the Kubernetes docs, but the rke2's automatic management of the configuration via the secrets-encrypt command only supports the aescbc provider. If you provide your own configuration that uses a different provider, rke2 cannot manage it for you.

Ah cool thank you