mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-09-19 15:09:56 +00:00
4f0bb2315b
With Amazon STS and kubernetes cluster is configured with OIDC identity provider, credentials to access Amazon KMS can be fetched using oidc-token(serviceaccount token). Each tenant/namespace needs to create a secret with aws region, role and CMK ARN. Ceph-CSI will assume the given role with oidc token and access aws KMS, with given CMK to encrypt/decrypt DEK which will stored in the image metdata. Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html Resolves: #2879 Signed-off-by: Rakshith R <rar@redhat.com> |
||
|---|---|---|
| .. | ||
| aws_metadata_test.go | ||
| aws_metadata.go | ||
| aws_sts_metadata_test.go | ||
| aws_sts_metadata.go | ||
| keyprotect_test.go | ||
| keyprotect.go | ||
| kms_test.go | ||
| kms.go | ||
| secretskms_test.go | ||
| secretskms.go | ||
| vault_sa_test.go | ||
| vault_sa.go | ||
| vault_test.go | ||
| vault_tokens_test.go | ||
| vault_tokens.go | ||
| vault.go | ||