Bug 2222831

Summary: GKLM Integration with Ceph Ceph 6.0
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Alexander <allee>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: NEW --- QA Contact: Madhavi Kasturi <mkasturi>
Severity: low Docs Contact:
Priority: low    
Version: 6.0CC: allee, bhubbard, ceph-eng-bugs, cephqe-warriors, ckulal, dparkes, nojha, vumrao
Target Milestone: ---   
Target Release: 7.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alexander 2023-07-14 00:55:32 UTC 
Description of problem: 
Cu is testing on a test environment for test purposes only

GKLM does not work on Ceph
Cu trying to follow upstream documentation
https://docs.ceph.com/en/quincy/radosgw/kmip/


Cu was advised that it is not officially supported. and to use Hashicorp Vault.

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6/html/object_gateway_guide/security#the_hashicorp_vault

Spoke with lead architect G.G and confirmed that only Hashicorp is supported

Version-Release number of selected component (if applicable): na


How reproducible: 
not reproducible

Steps to Reproduce:
Cu has done the following:

1. Set up GKLM server
2. Followed steps in https://docs.ceph.com/en/quincy/radosgw/kmip/ 
  2a. adjust the ceph.conf
  2b. create a bucket
  2c. cannot set any encryption as there is no Token available from GKLM or certificate directory on GKLM.
3. Then test the following upload: aws --endpoint-url http://xyz s3 cp /plaintext.txt s3://xyzdirectory/xyzencrypted.txt --sse aws:kms --sse-kms-key-id Kxyz



Actual results:

upload failed: when calling the PutObject operation: Failed to retrieve the actual key, kms-keyid: 

Expected results:
File uploaded

Additional info:
Cu wants to know if there are any plans to support GKLM

Let me know if there is any information that I can add here