mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-14 10:53:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

util: add vaultDestroyKeys option to destroy Vault kv-v2 secrets

Browse Source 
Hashicorp Vault does not completely remove the secrets in a kv-v2
backend when the keys are deleted. The metadata of the keys will be
kept, and it is possible to recover the contents of the keys afterwards.

With the new `vaultDestroyKeys` configuration parameter, this behaviour
can now be selected. By default the parameter will be set to `true`,
indicating that the keys and contents should completely be destroyed.
Setting it to any other value will make it possible to recover the
deleted keys.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
Niels de Vos
2021-08-02 11:35:26 +02:00
committed by mergify[bot]
parent d7bcb42481
commit f584db41e6
6 changed files with 82 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
examples/kms/vault/csi-kms-connection-details.yaml
View File

@ -29,6 +29,7 @@ data:
"KMS_PROVIDER": "vaulttokens",
"VAULT_ADDR": "http://vault.default.svc.cluster.local:8200",
"VAULT_BACKEND_PATH": "secret",
"VAULT_DESTROY_KEYS": "true",
"VAULT_SKIP_VERIFY": "true"
}
vault-tenant-sa-test: |-