July 9, 2025 - CKS encryption at rest

CoreWeave enables encryption at rest for Kubernetes Secrets by default in all CoreWeave Kubernetes Service (CKS) clusters. This feature uses a KMS-backed integration to encrypt etcd data automatically, providing enhanced security for sensitive configuration data.

Overview

Encryption at rest for Kubernetes Secrets is now enabled by default across all CoreWeave Kubernetes Service (CKS) clusters. This enhancement leverages a KMS-backed integration to automatically encrypt etcd data, providing stronger protection for sensitive configuration information. The feature was activated for new CKS clusters on June 24, 2025. As of July 9, 2025, encryption at rest has been rolled out to all existing clusters.

If your cluster was created on or before June 24, 2025, you’ll need to replace your existing Secrets once.

kubectl get secrets --all-namespaces -o json | kubectl replace -f -

After that, Secrets will be encrypted automatically, and CoreWeave manages the encryption lifecycle for you.

Additional resources

Encryption at rest for Kubernetes Secrets

Last modified on April 20, 2026

July 9, 2025 - NVIDIA RTX Pro 6000 Blackwell available

July 7, 2025 - Unmanaged auth API

⌘I

​Overview

​Additional resources

Overview

Additional resources