Is your feature request related to a problem? Please describe.
k8s resources backups are stored in plain format in Swift, this is not secure if you backup secrets.
Describe the solution you'd like
Velero doesn't support encryption (see), but it supports restic for the file system backup (FSB).
I propose a feature to encrypt the data before it's stored in swift. A proposed encryption method should correspond to the one used in restic
Restic's license is BSD 2-clause, therefore it should be safe (this repo has compatible MIT license) to use it's source code for the encryption.
Is your feature request related to a problem? Please describe.
k8s resources backups are stored in plain format in Swift, this is not secure if you backup secrets.
Describe the solution you'd like
Velero doesn't support encryption (see), but it supports restic for the file system backup (FSB). I propose a feature to encrypt the data before it's stored in swift. A proposed encryption method should correspond to the one used in restic
Restic's license is BSD 2-clause, therefore it should be safe (this repo has compatible MIT license) to use it's source code for the encryption.