From eb2b4fd059353cd83e452610d686c0241fb7fe55 Mon Sep 17 00:00:00 2001
From: Leonard Cohnen <lc@edgeless.systems>
Date: Wed, 20 Nov 2024 20:23:55 +0100
Subject: [PATCH] docs: remove mentioning of Cilium's key rotation for IPSec
 since it does not apply to WireGuard

---
 docs/docs/architecture/keys.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/docs/architecture/keys.md b/docs/docs/architecture/keys.md
index 553d9d4e2..49821cd0b 100644
--- a/docs/docs/architecture/keys.md
+++ b/docs/docs/architecture/keys.md
@@ -42,7 +42,6 @@ Each node creates its own [Curve25519](http://cr.yp.to/ecdh.html) encryption key
 A node uses another node's public key to decrypt and encrypt traffic from and to Cilium-managed endpoints running on that node.
 Connections are always encrypted peer-to-peer using [ChaCha20](http://cr.yp.to/chacha.html) with [Poly1305](http://cr.yp.to/mac.html).
 WireGuard implements [forward secrecy with key rotation every 2 minutes](https://lists.zx2c4.com/pipermail/wireguard/2017-December/002141.html).
-Cilium supports [key rotation](https://docs.cilium.io/en/stable/security/network/encryption-ipsec/#key-rotation) for the long-term node keys via Kubernetes secrets.
 
 ## Storage encryption