Rotate object storage credentials

Google Distributed Cloud (GDC) air-gapped appliance has software-defined object storage with its own object storage user management system. Each object storage user credential is stored as a secret in Kubernetes clusters.

This document describes the steps to rotate object storage user credentials. Rotate object storage user credentials in the following situations:

  • Regularly scheduled key rotation, to rotate all user keys.
  • Mitigating key exposure. You should rotate the exposed user key as soon as possible.

Before you begin

Complete the following steps:

  1. Verify that you meet the laptop prerequisites.
  2. Ensure that you can log in to the three nodes and run software-defined storage CLI commands.
  3. Ensure that you can log in as admin to the root admin cluster using kubectl.

Translate UID

Each object storage user has an access key and secret key that are stored as a Kubernetes secret and used by Kubernetes workloads to access the backend object storage. Rotating the user keys includes updating all the secrets.
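Because one user key can be copied into several secrets, a rotation is only complete once no secret still holds the old access key. The following added example (not part of the GDC documentation or tooling) scans JSON in the standard shape of `kubectl get secrets -A -o json` output and reports where an old access key still appears. The namespaces, secret names, data keys and key values are constructed assumptions.

```python
import base64
import json


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample in the shape of `kubectl get secrets -A -o json`.
# Namespaces, secret names, data keys and key values are all made up.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "ns-a", "name": "objstore-user-1"},
     "data": {"access-key": _b64("OLDACCESSKEY0001"),
              "secret-key": _b64("old-secret-value")}},
    {"metadata": {"namespace": "ns-a", "name": "objstore-user-2"},
     "data": {"access-key": _b64("NEWACCESSKEY0002"),
              "secret-key": _b64("new-secret-value")}},
    # Old key embedded inside a larger config blob.
    {"metadata": {"namespace": "ns-b", "name": "app-config"},
     "data": {"credentials": _b64("access_key = OLDACCESSKEY0001\n")}},
    # Secret with no data at all.
    {"metadata": {"namespace": "ns-c", "name": "empty"}, "data": None},
]})


def find_stale_secrets(secret_list_json, old_access_key):
    """Return sorted (namespace, name, data_key) tuples for every secret
    value that still contains old_access_key. Values are never returned."""
    if not old_access_key:
        raise ValueError("old_access_key must be non-empty")
    needle = old_access_key.encode()
    hits = []
    for item in json.loads(secret_list_json).get("items", []):
        meta = item.get("metadata", {})
        for data_key, b64_value in (item.get("data") or {}).items():
            try:
                value = base64.b64decode(b64_value, validate=True)
            except (ValueError, TypeError):  # skip malformed entries
                continue
            if needle in value:
                hits.append((meta.get("namespace", ""), meta.get("name", ""), data_key))
    return sorted(hits)


if __name__ == "__main__":
    for namespace, name, data_key in find_stale_secrets(SAMPLE, "OLDACCESSKEY0001"):
        print(f"stale: {namespace}/{name} key={data_key}")
```

The function reports only the location of each match, so the scan output can be logged without exposing key material.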

Content restricted to approved operating partners. Contact your account manager for access to this page.