util: add SecretsMetadataKMS

This new KMS is based on the (default) SecretsKMS, but instead of using
the passphrase for all volumes, the passphrase is used to
encrypt/decrypt a Data-Encryption-Key that is stored in the metadata of
the volume.

CC: Patrick Uiterwijk <puiterwijk@redhat.com> - for encryption guidance
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Niels de Vos
2021-03-02 18:48:05 +01:00
committed by mergify[bot]
parent 2b7f078943
commit 5e63743243
3 changed files with 249 additions and 0 deletions
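The commit message describes envelope encryption: the passphrase from the secrets no longer encrypts the volume directly; it derives a key-encryption-key that wraps a per-volume Data-Encryption-Key, and the wrapped DEK is persisted in the volume's metadata. The following Go program is an added illustration of that scheme and is not code from this commit or from the ceph-csi project. It assumes PBKDF2-HMAC-SHA256 for the key derivation and AES-256-GCM for the wrap, and the metadata key names (`dek`, `nonce`, `salt`) are placeholders chosen here, not the project's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	dekSize    = 32     // 256-bit Data-Encryption-Key used for the volume itself
	saltSize   = 16     // per-volume salt so equal passphrases yield distinct KEKs
	pbkdf2Iter = 100000 // work factor for passphrase -> KEK (assumption for the example)
)

// pbkdf2SHA256 implements PBKDF2 (RFC 8018) with HMAC-SHA256, written out here
// so the example depends only on the Go standard library.
func pbkdf2SHA256(passphrase, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, passphrase)
	hashLen := prf.Size()
	numBlocks := (keyLen + hashLen - 1) / hashLen
	var dk []byte
	for block := 1; block <= numBlocks; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil) // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ { // U_j = PRF(P, U_{j-1}); T = U_1 xor ... xor U_c
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:keyLen]
}

// kekFromPassphrase derives the key-encryption-key; the passphrase itself never
// touches volume data, only the wrapped DEK.
func kekFromPassphrase(passphrase string, salt []byte) cipher.AEAD {
	kek := pbkdf2SHA256([]byte(passphrase), salt, pbkdf2Iter, 32)
	block, err := aes.NewCipher(kek)
	if err != nil {
		panic(err) // 32-byte key is always valid for AES-256
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// wrapDEK generates a fresh DEK for a volume, encrypts it under the passphrase-
// derived KEK and returns the DEK plus the items to store in the volume metadata.
// The metadata key names are placeholders for this example.
func wrapDEK(passphrase string) (dek []byte, metadata map[string]string, err error) {
	dek = make([]byte, dekSize)
	salt := make([]byte, saltSize)
	if _, err = rand.Read(dek); err != nil {
		return nil, nil, err
	}
	if _, err = rand.Read(salt); err != nil {
		return nil, nil, err
	}
	aead := kekFromPassphrase(passphrase, salt)
	nonce := make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	// The AAD ties the ciphertext to a format label so a blob from another
	// context cannot be silently swapped in as a valid DEK.
	sealed := aead.Seal(nil, nonce, dek, []byte("dek-v1"))
	metadata = map[string]string{
		"dek":   base64.StdEncoding.EncodeToString(sealed),
		"nonce": base64.StdEncoding.EncodeToString(nonce),
		"salt":  base64.StdEncoding.EncodeToString(salt),
	}
	return dek, metadata, nil
}

// unwrapDEK recovers the DEK from the volume metadata. A wrong passphrase (or
// tampered metadata) fails GCM authentication and returns an error instead of
// a garbage key.
func unwrapDEK(passphrase string, metadata map[string]string) ([]byte, error) {
	fields := make(map[string][]byte, 3)
	for _, name := range []string{"dek", "nonce", "salt"} {
		v, ok := metadata[name]
		if !ok {
			return nil, errors.New("volume metadata is missing " + name)
		}
		raw, err := base64.StdEncoding.DecodeString(v)
		if err != nil {
			return nil, err
		}
		fields[name] = raw
	}
	aead := kekFromPassphrase(passphrase, fields["salt"])
	return aead.Open(nil, fields["nonce"], fields["dek"], []byte("dek-v1"))
}

func main() {
	dek, md, err := wrapDEK("example-passphrase") // constructed sample passphrase
	if err != nil {
		panic(err)
	}
	got, err := unwrapDEK("example-passphrase", md)
	fmt.Println("unwrap with correct passphrase ok:", err == nil && string(got) == string(dek))
	_, err = unwrapDEK("other-passphrase", md)
	fmt.Println("unwrap with wrong passphrase rejected:", err != nil)
}
```

Because the passphrase only ever wraps the DEK, rotating the passphrase means re-wrapping one 32-byte key and rewriting the metadata rather than re-encrypting the volume, which is the operational gain over applying a single passphrase to every volume directly.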


@ -235,6 +235,8 @@ func GetKMS(tenant, kmsID string, secrets map[string]string) (EncryptionKMS, err
}
switch kmsType {
case kmsTypeSecretsMetadata:
return initSecretsMetadataKMS(kmsID, secrets)
case kmsTypeVault:
return InitVaultKMS(kmsID, kmsConfig, secrets)
case kmsTypeVaultTokens:
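Review bot: the new case calls initSecretsMetadataKMS (unexported) while the neighbouring cases call the exported InitVaultKMS; pick one naming convention for the KMS constructors so callers outside the package are not surprised by the inconsistency. The new constructor also takes only (kmsID, secrets) and drops kmsConfig, which is fine if the secrets-metadata KMS is configured purely from the secrets, but a one-line comment on the case stating that would make the omission read as deliberate rather than accidental.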