diff --git a/examples/kms/vault/csi-kms-connection-details.yaml b/examples/kms/vault/csi-kms-connection-details.yaml
index 8a1a60d4b..4aac5bb0f 100644
--- a/examples/kms/vault/csi-kms-connection-details.yaml
+++ b/examples/kms/vault/csi-kms-connection-details.yaml
@@ -60,9 +60,9 @@ data:
 "IBM_KP_SECRET_NAME": "ceph-csi-aws-credentials",
 "AWS_REGION": "us-west-2"
 }
- kp-metadata-test: |-
+ ibmkeyprotect-test: |-
 {
- "KMS_PROVIDER": "kp-metadata",
+ "KMS_PROVIDER": "ibmkeyprotect",
 "IBM_KP_SECRET_NAME": "ceph-csi-kp-credentials",
 "IBM_KP_SERVICE_INSTANCE_ID": "7abef064-01dd-4237-9ea5-8b3890970be3",
 "IBM_KP_BASE_URL": "https://us-south.kms.cloud.ibm.com",
diff --git a/examples/kms/vault/kms-config.yaml b/examples/kms/vault/kms-config.yaml
index d52831436..b77afd37d 100644
--- a/examples/kms/vault/kms-config.yaml
+++ b/examples/kms/vault/kms-config.yaml
@@ -91,8 +91,8 @@ data:
 "encryptionKMSType": "metadata",
 "secretName": "storage-encryption-secret"
 },
- "kp-metadata-test": {
- "encryptionKMSType": "kp-metadata",
+ "ibmkeyprotect-test": {
+ "encryptionKMSType": "ibmkeyprotect",
 "secretName": "ceph-csi-kp-credentials",
 "keyProtectRegionKey": "us-south-2",
 "keyProtectServiceInstanceID": "7abef064-01dd-4237-9ea5-8b3890970be3"
diff --git a/internal/kms/keyprotect.go b/internal/kms/keyprotect.go
index 20d0637ea..387666db9 100644
--- a/internal/kms/keyprotect.go
+++ b/internal/kms/keyprotect.go
@@ -23,14 +23,15 @@ import ( "fmt" "github.com/ceph/ceph-csi/internal/util/k8s" + "github.com/ceph/ceph-csi/internal/util/log" kp "github.com/IBM/keyprotect-go-client" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) const ( - kmsTypeKeyProtectMetadata = "kp-metadata" - + kmsTypeKeyProtectMetadata = "ibmkeyprotect" + kmsTypeKeyProtectMetadataOld = "kp-metadata" // keyProtectMetadataDefaultSecretsName is the default name of the Kubernetes Secret // that contains the credentials to access the Key Protect KMS. The name of // the Secret can be configured by setting the `IBM_KP_SECRET_NAME` @@ -62,6 +63,21 @@ var _ = RegisterProvider(Provider{ Initializer: initKeyProtectKMS, }) +// RegisterProvider for kmsTypeKeyProtectMetadataOld is kept here for backward compatibility. +var _ = RegisterProvider(Provider{ + UniqueID: kmsTypeKeyProtectMetadataOld, + Initializer: initKeyProtectKMSOld, +}) + +// initKeyProtectKMSOld is the wrapper with a warning log. +func initKeyProtectKMSOld(args ProviderInitArgs) (EncryptionKMS, error) { + log.WarningLogMsg("%q is deprecated provider for IBM key Protect,"+ + "use new provider name %q in the configuration, proceeding with %q", + kmsTypeKeyProtectMetadataOld, kmsTypeKeyProtectMetadata, kmsTypeKeyProtectMetadata) + + return initKeyProtectKMS(args) +} + // KeyProtectKMS store the KMS connection information retrieved from the kms configmap. type KeyProtectKMS struct { // basic options to get the secret
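Review bot: In the `const (` block the new `kmsTypeKeyProtectMetadataOld` has no comment saying it is a deprecated alias. The blank line that separated the provider-name constant from the doc comment of `keyProtectMetadataDefaultSecretsName` was also removed, so that comment now sits directly under the alias and reads as if it described it. I would add `// kmsTypeKeyProtectMetadataOld is the deprecated provider name, still accepted so existing KMS configurations keep working.` above the alias and restore the blank line after it. The name `kmsTypeKeyProtectMetadata` also still says "Metadata" although its value is now `"ibmkeyprotect"`, which is worth a one-line comment or a follow-up rename. The const block continues outside the hunk.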
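Review bot: The deprecation warning in `initKeyProtectKMSOld` is built from two string literals joined without a space, so the log line reads `...IBM key Protect,use new provider name...`. The wording is also uneven ("is deprecated provider", "key Protect"). Suggested literals: `"%q is a deprecated provider name for IBM Key Protect, "+` followed by `"use the new provider name %q in the configuration; proceeding with %q",`. Because this alias still selects the KMS used for encryption, the warning is the only signal an operator gets that a stale configuration is in use. If `ProviderInitArgs` carries something that identifies the configuration entry or tenant (not visible in this hunk), including it would make the entry findable from the logs. The doc comment could also say what is being wrapped, e.g. `// initKeyProtectKMSOld wraps initKeyProtectKMS and logs a deprecation warning for the old provider name.`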