mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-22 14:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

doc: correct typo in hpcs or key protect design

Browse Source 
File name is corrected and also a typo in the same

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
Humble Chirammal 2022-01-28 17:18:56 +05:30 committed by mergify[bot]
parent 28fef9b379
commit e1cbd90c0b
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/design/proposals/encryped-with-keyprotect.md → docs/design/proposals/encryption-with-keyprotect.md
View File

@ -16,7 +16,7 @@ service from the CSI driver and to make use of the encryption operations:
The Key Protect/HPCS connection URL. The Key Protect/HPCS connection URL.
* IBM_KP_TOKEN_URL * IBM_KP_TOKEN_URL
The Token Authenticaltion URL of KeyProtect/HPCS service. The Token Authentication URL of KeyProtect/HPCS service.
* KMS_SERVICE_NAME * KMS_SERVICE_NAME
A unique name for the key management service within the project. A unique name for the key management service within the project.
@ -31,14 +31,14 @@ Ex: 06x6DbTkVQ-qCRmq9cK-p9xOQpU2UwJMcdjnIDdr0g2R
Ex: c7a9aa91-5cb5-48da-a821-e85c27b99d92 Ex: c7a9aa91-5cb5-48da-a821-e85c27b99d92
* IBM_KP_REGION * IBM_KP_REGION
Region of the key protect service, ex: us-south-2 Region of the Key Protect service, ex: us-south-2
``` ```
### Values provided in the connection Secret ### Values provided in the connection Secret
Considering `SERVICE_API_KEY` and `CUSTOMER_ROOT_KEY` are sensitive information, Considering `SERVICE_API_KEY` and `CUSTOMER_ROOT_KEY` are sensitive information,
those will be provided as a Kubernetes Secret to the CSI driver. The Ceph CSI those will be provided as a Kubernetes Secret to the CSI driver. The Ceph CSI
KMS plugin interface for the key protect will read the Secret name from the kms KMS plugin interface for the Key Protect will read the Secret name from the kms
ConfigMap and fetch these values. `SESSION_TOKEN and CRK_ARN` values can also be ConfigMap and fetch these values. `SESSION_TOKEN and CRK_ARN` values can also be
provided by the user as part of the Secret if needed. How-ever these values are provided by the user as part of the Secret if needed. How-ever these values are
considered to be optional. considered to be optional.
@ -56,7 +56,7 @@ config map to `KMS_SERVICE_NAME`.
## Volume Encrypt or Decrypt Operation ## Volume Encrypt or Decrypt Operation
The IBM Key protect server's `wrap` and `unwrap` functionalities will be used by The IBM Key Protect server's `wrap` and `unwrap` functionalities will be used by
the Ceph CSI driver to achieve encryption and decryption of volumes. The DEK can the Ceph CSI driver to achieve encryption and decryption of volumes. The DEK can
be wrapped with the help of Customer Root Key (CRK) and can be used for LUKS be wrapped with the help of Customer Root Key (CRK) and can be used for LUKS
operation. The wrapped cipher blob will be stored inside the image metadata ( as operation. The wrapped cipher blob will be stored inside the image metadata ( as
@ -66,9 +66,9 @@ with the help of cipher blob and Key Protect server
## Integration APIS ## Integration APIS
[Key Protect Go Client](https://github.com/IBM/keyprotect-go-client) provide the [Key Protect Go Client](https://github.com/IBM/keyprotect-go-client) provide the
client SDK to interact with the Key Protect server and perform key protect client SDK to interact with the Key Protect server and perform Key Protect
operations. operations.
## Additional Reference ## Additional Reference
[Key Protect Doc](https://cloud.ibm.com/docs/key-protect) [Key Protect Doc](https://cloud.ibm.com/docs/key-protect)