kms: Implement Azure key vault as KMS provider

This commit adds the Azure Key Vault as a supported KMS provider. Signed-off-by: Praveen M <m.praveen@ibm.com>
2025-06-13 02:33:34 +00:00 · 2024-02-16 15:35:08 +05:30
parent d93c75517e
commit 8901b456fd
5 changed files with 273 additions and 0 deletions
--- a/examples/kms/vault/azure-credentials.yaml
+++ b/examples/kms/vault/azure-credentials.yaml
@ -0,0 +1,10 @@
+---
+# This is an example Kubernetes secret that can be created in the Kubernetes
+# namespace where Ceph-CSI is deployed. The contents of this secret will be
+# used to connect to the Azure Key Vault.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ceph-csi-azure-credentials
+data:
+  CLIENT_CERT: ""
--- a/examples/kms/vault/csi-kms-connection-details.yaml
+++ b/examples/kms/vault/csi-kms-connection-details.yaml
@ -83,5 +83,13 @@ data:
      "READ_TIMEOUT": 10,
      "WRITE_TIMEOUT": 10
    }
+  azure-test: |-
+    {
+      "KMS_PROVIDER": "azure-kv",
+      "AZURE_CERT_SECRET_NAME": "ceph-csi-azure-credentials",
+      "AZURE_VAULT_URL": "https://vault-name.vault.azure.net/",
+      "AZURE_CLIENT_ID": "__CLIENT_ID__",
+      "AZURE_TENANT_ID": "__TENANT_ID__"
+    }
 metadata:
  name: csi-kms-connection-details
--- a/examples/kms/vault/kms-config.yaml
+++ b/examples/kms/vault/kms-config.yaml
@ -108,6 +108,13 @@ data:
        "TLS_SERVER_NAME": "kmip.ciphertrustmanager.local",
        "READ_TIMEOUT": 10,
        "WRITE_TIMEOUT": 10
+      },
+      "azure-test": {
+        "KMS_PROVIDER": "azure-kv",
+        "AZURE_CERT_SECRET_NAME": "ceph-csi-azure-credentials",
+        "AZURE_VAULT_URL": "https://vault-name.vault.azure.net/",
+        "AZURE_CLIENT_ID": "__CLIENT_ID__",
+        "AZURE_TENANT_ID": "__TENANT_ID__"
      }
    }
 metadata: