mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-05-20 22:36:42 +00:00
5e63743243
This new KMS is based on the (default) SecretsKMS, but instead of using the passphrase for all volumes, the passphrase is used to encrypt/decrypt a Data-Encryption-Key that is stored in the metadata of the volume. CC: Patrick Uiterwijk <puiterwijk@redhat.com> - for encryption guidance Signed-off-by: Niels de Vos <ndevos@redhat.com>