mirror of
https://github.com/ceph/ceph
synced 2025-03-11 02:39:05 +00:00
1e5b58ad50
Extend server-side encryption functionality in Rados Gateway to support HashiCorp Vault as a Key Management System in addition to existing support for OpenStack Barbican. This is the first part of this change, supporting Vault's token-based authentication only. Agent-based authentication as well as other features such as Vault namespaces will be added in subsequent commits. Note that Barbican remains the default backend for SSE-KMS (rgw crypt s3 kms backend) to avoid breaking existing deployments. Feature: https://tracker.ceph.com/issues/41062 Notes: https://pad.ceph.com/p/rgw_sse-kms Implemented so far: * Move existing SSE-KMS functions from rgw_crypt.cc to rgw_kms.cc * Vault authentication with a token read from file * Add new ceph.conf settings for Vault * Document new ceph.conf settings * Update main encryption documentation page * Add documentation page for SSE-KMS using Vault Signed-off-by: Andrea Baglioni <andrea.baglioni@workday.com> Signed-off-by: Sergio de Carvalho <sergio.carvalho@workday.com> |
||
|---|---|---|
| .. | ||
| _ext | ||
| _static/js | ||
| _templates | ||
| _themes/ceph | ||
| api | ||
| ceph-volume | ||
| cephfs | ||
| changelog | ||
| dev | ||
| images | ||
| install | ||
| man | ||
| mgr | ||
| mon | ||
| rados | ||
| radosgw | ||
| rbd | ||
| releases | ||
| scripts | ||
| start | ||
| .gitignore | ||
| architecture.rst | ||
| CMakeLists.txt | ||
| conf.py | ||
| favicon.ico | ||
| glossary.rst | ||
| governance.rst | ||
| index.rst | ||
| logo.png | ||
| man_index.rst | ||
| README.md | ||
