rbd: add kmip encryption type

The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Ceph-CSI can now be configured to connect to various KMS using KMIP for encrypting RBD volumes. https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol Signed-off-by: Rakshith R <rar@redhat.com>
2025-06-13 10:33:35 +00:00 · 2022-08-16 15:17:05 +05:30
parent 2fc10ded65
commit 0c33a33d5c
10 changed files with 803 additions and 13 deletions
--- a/examples/kms/vault/kms-config.yaml
+++ b/examples/kms/vault/kms-config.yaml
@ -100,6 +100,14 @@ data:
      "aws-sts-metadata-test": {
        "encryptionKMSType": "aws-sts-metadata",
        "secretName": "ceph-csi-aws-credentials"
+      },
+     "kmip-test": {
+        "KMS_PROVIDER": "kmip",
+        "KMIP_ENDPOINT": "kmip:5696",
+        "KMIP_SECRET_NAME": "ceph-csi-kmip-credentials",
+        "TLS_SERVER_NAME": "kmip.ciphertrustmanager.local",
+        "READ_TIMEOUT": 10,
+        "WRITE_TIMEOUT": 10
      }
    }
 metadata: