mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-26 00:00:23 +00:00
4f0bb2315b
With Amazon STS and kubernetes cluster is configured with OIDC identity provider, credentials to access Amazon KMS can be fetched using oidc-token(serviceaccount token). Each tenant/namespace needs to create a secret with aws region, role and CMK ARN. Ceph-CSI will assume the given role with oidc token and access aws KMS, with given CMK to encrypt/decrypt DEK which will stored in the image metdata. Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html Resolves: #2879 Signed-off-by: Rakshith R <rar@redhat.com>
13 lines
618 B
Go
13 lines
618 B
Go
// Code generated by smithy-go-codegen DO NOT EDIT.
|
|
|
|
// Package sts provides the API client, operations, and parameter types for AWS
|
|
// Security Token Service.
|
|
//
|
|
// Security Token Service Security Token Service (STS) enables you to request
|
|
// temporary, limited-privilege credentials for Identity and Access Management
|
|
// (IAM) users or for users that you authenticate (federated users). This guide
|
|
// provides descriptions of the STS API. For more information about using this
|
|
// service, see Temporary Security Credentials
|
|
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
|
|
package sts
|