Bug 1858720

Summary: [RFE] Vault Data Key API
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Harald Klein <hklein>
Component: RGWAssignee: Marcus Watts <mwatts>
Status: CLOSED ERRATA QA Contact: Tejas <tchandra>
Severity: low Docs Contact: Ranjini M N <rmandyam>
Priority: unspecified    
Version: 4.1CC: agunn, cbodley, ceph-eng-bugs, dwojewod, gsitlani, kbader, mbenjamin, mhackett, mmuench, mwatts, rmandyam, tserlin, vimishra
Target Milestone: ---Keywords: FutureFeature
Target Release: 5.1Flags: mbenjamin: needinfo? (hklein)
agunn: needinfo? (mwatts)
rmandyam: needinfo? (mwatts)
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ceph-16.2.6-16.el8cp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-04-04 10:19:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2031073    

Description Harald Klein 2020-07-20 08:18:15 UTC 
Description of problem:

Currently the HashiCorp Vault is supported via a KV or Transit engine. The transit engine requires usage of an exportable key. 

Version-Release number of selected component (if applicable):

current

How reproducible:

n/a

Actual results:

n/a

Expected results:

Integration with the data key API would not require an exportable key. The key is generated by the transit engine, encrypts the data and is then stored with the data. The key itself is encrypted and cannot be used without additional calls to the transit engine. This would result in a more secure deployment.
Comment 19 errata-xmlrpc 2022-04-04 10:19:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1174