Clevis is a client-side, pluggable key management tool that has been developed as part of the Tang project. https://github.com/latchset/clevis https://github.com/latchset/tang It can interact with any arbitrary key escrow system as well as the Tang server. We should insert it into our ceph-disk and MON keystore workflow so we can later extend it to Tang or allow customers to insert plugins to interact with their own key management systems. My understanding is Clevis is less mature than Tang but once packages are made available we should look to start the integration so we can help with the development of the project. Further details at: https://www.youtube.com/watch?v=p_M0YEE-esA
Tests added upstream and scheduled for backport to jewel.
Ooops, wrong bz, sorry about that.
Gregory, has any analysis of what is needed to implement the integration been done? This is a heavily requested feature so would like to know if it can be a candidate for a minor release on v3.
Please include me in any planning sessions. Thanks!
Neil, I know nothing of what'd take to implement this, first I've heard of it is when I proposed it for 4.0 during scrub. I will review the included links to see if we could get it in 3.X cheers
Not relevant in the near term.