Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt

Use this file to discover all available pages before exploring further.

CoreWeave enables encryption at rest for Kubernetes Secrets by default in all CoreWeave Kubernetes Service (CKS) clusters. This feature uses a KMS-backed integration to encrypt etcd data automatically, providing enhanced security for sensitive configuration data.

Overview

Encryption at rest for Kubernetes Secrets is now enabled by default across all CoreWeave Kubernetes Service (CKS) clusters. This enhancement leverages a KMS-backed integration to automatically encrypt etcd data, providing stronger protection for sensitive configuration information. The feature was activated for new CKS clusters on June 24, 2025. As of July 9, 2025, encryption at rest has been rolled out to all existing clusters.
If your cluster was created on or before June 24, 2025, you’ll need to replace your existing Secrets once.
kubectl get secrets --all-namespaces -o json | kubectl replace -f -
After that, Secrets will be encrypted automatically, and CoreWeave manages the encryption lifecycle for you.

Additional resources

Last modified on April 20, 2026