ceph-csi/examples/kms/vault/kp-credentials.yaml

---
# This is an example Kubernetes Secret that can be created in the Kubernetes
# Namespace where Ceph-CSI is deployed. The contents of this Secret will be
# used to connect to the Key Protect KMS.
apiVersion: v1
kind: Secret
metadata:
  name: ceph-csi-kp-credentials
stringData:
  IBM_KP_SERVICE_API_KEY: "UhMN3Jko1pCpDPpFV65N8dYANBv5vF97QuNHqXVHmKa0"
  IBM_KP_CUSTOMER_ROOT_KEY: "c7a9aa91-5cb5-48da-a821-e85c27b99d92"
  IBM_KP_SESSION_TOKEN: ""
  IBM_KP_CRK_ARN: ""
rbd: Implement Key Protect KMS integration for Ceph CSI This commit adds the support for HPCS/Key Protect IBM KMS service to Ceph CSI service. EncryptDEK() and DecryptDEK() of RBD volumes are done with the help of key protect KMS server by wrapping and unwrapping the DEK and by using the DEKStoreMetadata. Signed-off-by: Humble Chirammal <hchiramm@redhat.com> 2021-12-20 11:19:54 +05:30			`---`
			`# This is an example Kubernetes Secret that can be created in the Kubernetes`
			`# Namespace where Ceph-CSI is deployed. The contents of this Secret will be`
			`# used to connect to the Key Protect KMS.`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: ceph-csi-kp-credentials`
			`stringData:`
rbd: change the configmap of HPCS/KP key names to reflect the IBM string considering IBM has different crypto services (ex: SKLM) in place, its good to keep the configmap key names with below format `IBM_KP_...` instead of `KP_..` so that in future, if we add more crypto services from IBM we can keep similar schema specific to that specific service from IBM. Ex: `IBM_SKLM_...` Signed-off-by: Humble Chirammal <hchiramm@redhat.com> 2022-01-04 14:53:21 +05:30			`IBM_KP_SERVICE_API_KEY: "UhMN3Jko1pCpDPpFV65N8dYANBv5vF97QuNHqXVHmKa0"`
			`IBM_KP_CUSTOMER_ROOT_KEY: "c7a9aa91-5cb5-48da-a821-e85c27b99d92"`
			`IBM_KP_SESSION_TOKEN: ""`
			`IBM_KP_CRK_ARN: ""`