rke's credentials are stored in the RKE1 Cluster state ConfigMap
When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data: RancherKubernetesEngineConfig RKENodeConfig SSH username SSH private key SSH private key path RKEConfigServices ETCDService External client key BackupConfig S3BackupConfig AWS access key AWS secret key KubeAPIService SecretsEncryptionConfig K8s …