mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-23 05:20:19 +00:00
9200bc7a00
This commit adds the support for HPCS/Key Protect IBM KMS service to Ceph CSI service. EncryptDEK() and DecryptDEK() of RBD volumes are done with the help of key protect KMS server by wrapping and unwrapping the DEK and by using the DEKStoreMetadata. Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
14 lines
453 B
YAML
14 lines
453 B
YAML
---
|
|
# This is an example Kubernetes Secret that can be created in the Kubernetes
|
|
# Namespace where Ceph-CSI is deployed. The contents of this Secret will be
|
|
# used to connect to the Key Protect KMS.
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: ceph-csi-kp-credentials
|
|
stringData:
|
|
KP_SERVICE_API_KEY: "UhMN3Jko1pCpDPpFV65N8dYANBv5vF97QuNHqXVHmKa0"
|
|
KP_CUSTOMER_ROOT_KEY: "c7a9aa91-5cb5-48da-a821-e85c27b99d92"
|
|
KP_SESSION_TOKEN: ""
|
|
KP_CRK_ARN: ""
|