Description of problem: Currently the HashiCorp Vault is supported via a KV or Transit engine. The transit engine requires usage of an exportable key. Version-Release number of selected component (if applicable): current How reproducible: n/a Actual results: n/a Expected results: Integration with the data key API would not require an exportable key. The key is generated by the transit engine, encrypts the data and is then stored with the data. The key itself is encrypted and cannot be used without additional calls to the transit engine. This would result in a more secure deployment.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:1174
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days