> ## Documentation Index
> Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt
> Use this file to discover all available pages before exploring further.

# July 9, 2025 - CKS encryption at rest

> CKS now supports encryption at rest for enhanced data security and compliance

CoreWeave enables encryption at rest for Kubernetes Secrets by default in all CoreWeave Kubernetes Service (CKS) clusters. This feature uses a KMS-backed integration to encrypt etcd data automatically, providing enhanced security for sensitive configuration data.

## Overview

[Encryption at rest for Kubernetes Secrets](/products/cks/clusters/secrets) is now enabled by default across all CoreWeave Kubernetes Service (CKS) clusters. This enhancement leverages a KMS-backed integration to automatically encrypt etcd data, providing stronger protection for sensitive configuration information.

The feature was activated for new CKS clusters on **June 24, 2025**. As of **July 9, 2025**, encryption at rest has been rolled out to **all** existing clusters.

<Warning>
  If your cluster was created on or before June 24, 2025, you'll need to replace your existing Secrets once.

  ```bash theme={"system"}
  kubectl get secrets --all-namespaces -o json | kubectl replace -f -
  ```

  After that, Secrets will be encrypted automatically, and [CoreWeave manages the encryption lifecycle for you](/products/cks/clusters/secrets).
</Warning>

## Additional resources

* [Encryption at rest for Kubernetes Secrets](/products/cks/clusters/secrets)