docs: update disk-encryption.md

greenpsi · smira · commit ff175b9fbdb2 · 2025-01-23T18:27:32.000+04:00
Add note about network config when using KMS disk encryption.

Signed-off-by: greenpsi &lt;git@psinet.dev&gt;
Signed-off-by: Andrey Smirnov &lt;andrey.smirnov@siderolabs.com&gt;
diff --git a/website/content/v1.10/talos-guides/configuration/disk-encryption.md b/website/content/v1.10/talos-guides/configuration/disk-encryption.md
@@ -36,6 +36,8 @@ Talos Linux supports four encryption methods, which can be combined together for
 
 > Note: `nodeID` encryption is not designed to protect against attacks where physical access to the machine, including the drive, is available.
 > It uses the hardware characteristics of the machine in order to decrypt the data, so drives that have been removed, or recycled from a cloud environment or attached to a different virtual machine, will maintain their protection and encryption.
+>
+> Note: When using KMS encryption for `STATE` partition the network configuration can't be provided via the machine configuration, as KMS requires network connectivity before `STATE` partition is unlocked.
 
 ## Configuration
 
diff --git a/website/content/v1.8/talos-guides/configuration/disk-encryption.md b/website/content/v1.8/talos-guides/configuration/disk-encryption.md
@@ -36,6 +36,8 @@ Talos Linux supports four encryption methods, which can be combined together for
 
 > Note: `nodeID` encryption is not designed to protect against attacks where physical access to the machine, including the drive, is available.
 > It uses the hardware characteristics of the machine in order to decrypt the data, so drives that have been removed, or recycled from a cloud environment or attached to a different virtual machine, will maintain their protection and encryption.
+>
+> Note: When using KMS encryption for `STATE` partition the network configuration can't be provided via the machine configuration, as KMS requires network connectivity before `STATE` partition is unlocked.
 
 ## Configuration
 
diff --git a/website/content/v1.9/talos-guides/configuration/disk-encryption.md b/website/content/v1.9/talos-guides/configuration/disk-encryption.md
@@ -36,6 +36,8 @@ Talos Linux supports four encryption methods, which can be combined together for
 
 > Note: `nodeID` encryption is not designed to protect against attacks where physical access to the machine, including the drive, is available.
 > It uses the hardware characteristics of the machine in order to decrypt the data, so drives that have been removed, or recycled from a cloud environment or attached to a different virtual machine, will maintain their protection and encryption.
+>
+> Note: When using KMS encryption for `STATE` partition the network configuration can't be provided via the machine configuration, as KMS requires network connectivity before `STATE` partition is unlocked.
 
 ## Configuration
 
