Description of problem:
Cu is testing on a test environment for test purposes only
GKLM does not work on Ceph
Cu trying to follow upstream documentation
https://docs.ceph.com/en/quincy/radosgw/kmip/
Cu was advised that it is not officially supported. and to use Hashicorp Vault.
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6/html/object_gateway_guide/security#the_hashicorp_vault
Spoke with lead architect G.G and confirmed that only Hashicorp is supported
Version-Release number of selected component (if applicable): na
How reproducible:
not reproducible
Steps to Reproduce:
Cu has done the following:
1. Set up GKLM server
2. Followed steps in https://docs.ceph.com/en/quincy/radosgw/kmip/
2a. adjust the ceph.conf
2b. create a bucket
2c. cannot set any encryption as there is no Token available from GKLM or certificate directory on GKLM.
3. Then test the following upload: aws --endpoint-url http://xyz s3 cp /plaintext.txt s3://xyzdirectory/xyzencrypted.txt --sse aws:kms --sse-kms-key-id Kxyz
Actual results:
upload failed: when calling the PutObject operation: Failed to retrieve the actual key, kms-keyid:
Expected results:
File uploaded
Additional info:
Cu wants to know if there are any plans to support GKLM
Let me know if there is any information that I can add here
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Red Hat Ceph Storage 8.0 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2024:10216
Comment 13Red Hat Bugzilla
2025-03-26 04:25:12 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days