From da2f4e1ea7506659fca8a940c4cf4faf72074313 Mon Sep 17 00:00:00 2001
From: Tami Love <tlove@redhat.com>
Date: Mon, 25 Aug 2025 09:10:10 -0400
Subject: [PATCH] Add information for encrypt etcd disk

---
 .../microshift-install-get-ready.adoc                    | 6 ++++++
 modules/microshift-encrypt-etcd-data.adoc                | 9 +++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 modules/microshift-encrypt-etcd-data.adoc

diff --git a/microshift_install_get_ready/microshift-install-get-ready.adoc b/microshift_install_get_ready/microshift-install-get-ready.adoc
index 7ad1c086d736..9dc67d573c2b 100644
--- a/microshift_install_get_ready/microshift-install-get-ready.adoc
+++ b/microshift_install_get_ready/microshift-install-get-ready.adoc
@@ -20,6 +20,12 @@ include::modules/microshift-install-rhel-tools-concepts.adoc[leveloffset=+1]
 
 include::modules/microshift-install-rhde-steps.adoc[leveloffset=+1]
 
+include::modules/microshift-encrypt-etcd-data.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_storage_devices/encrypting-block-devices-using-luks_managing-storage-devices#luks-disk-encryption_encrypting-block-devices-using-luks[LUKS disk encryption]
+
 [id="additional-resources_microshift-install-get-ready_{context}"]
 [role="_additional-resources"]
 == Additional resources
diff --git a/modules/microshift-encrypt-etcd-data.adoc b/modules/microshift-encrypt-etcd-data.adoc
new file mode 100644
index 000000000000..b2e680e732f4
--- /dev/null
+++ b/modules/microshift-encrypt-etcd-data.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assembly:
+//
+// * microshift_install_get_ready/microshift-install-get-ready.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-encrypt-etcd-data_{context}"]
+= Encrypt etcd data
+
+Kubernetes objects are stored in an etcd database and might contain sensitive data. The etcd data is not encrypted by default. You can encrypt the disk that contains the etcd database by using the Linux Unified Key Setup-on-disk-format (LUKS) management tool for block device encryption.
\ No newline at end of file