ceph-csi/examples/kms/vault
Rakshith R 4f0bb2315b rbd: add aws-sts-metdata encryption type
With Amazon STS and a Kubernetes cluster configured with an
OIDC identity provider, credentials to access Amazon KMS
can be fetched using the OIDC token (serviceaccount token).
Each tenant/namespace needs to create a secret with the AWS region,
role and CMK ARN.
Ceph-CSI will assume the given role with the OIDC token and access
AWS KMS with the given CMK to encrypt/decrypt the DEK, which will be stored
in the image metadata.

Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html
Resolves: #2879

Signed-off-by: Rakshith R <rar@redhat.com>
2022-03-16 07:29:56 +00:00
aws-credentials.yaml doc: add configuration example for Amazon KMS 2021-04-06 07:33:54 +00:00
aws-sts-credentials.yaml rbd: add aws-sts-metdata encryption type 2022-03-16 07:29:56 +00:00
csi-kms-connection-details.yaml rbd: add aws-sts-metdata encryption type 2022-03-16 07:29:56 +00:00
csi-vaulttokenreview-rbac.yaml Adds per volume encryption with Vault integration 2020-02-05 05:18:56 +00:00
kms-config.yaml rbd: add aws-sts-metdata encryption type 2022-03-16 07:29:56 +00:00
kp-credentials.yaml rbd: change the configmap of HPCS/KP key names to reflect the IBM string 2022-01-05 06:08:19 +00:00
tenant-config.yaml util: allow configuring VAULT_BACKEND for Vault connection 2021-07-22 13:02:47 +00:00
tenant-sa-admin.yaml util: allow configuring VAULT_BACKEND for Vault connection 2021-07-22 13:02:47 +00:00
tenant-sa.yaml util: allow configuring VAULT_BACKEND for Vault connection 2021-07-22 13:02:47 +00:00
tenant-token.yaml e2e: add test for VaultTokensKMS support 2020-12-14 14:45:09 +00:00
user-secret.yaml e2e: add e2e for user secret based metadata encryption 2021-07-08 17:06:02 +00:00
vault-psp.yaml Adds per volume encryption with Vault integration 2020-02-05 05:18:56 +00:00
vault.yaml ci: use 1.8.5 vault for e2e 2021-11-19 10:37:14 +00:00