1858720 – [RFE] Vault Data Key API

Bug 1858720 - [RFE] Vault Data Key API

Summary: [RFE] Vault Data Key API

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	4.1
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	low
Target Milestone:	---
Target Release:	5.1
Assignee:	Marcus Watts
QA Contact:	Tejas
Docs Contact:	Ranjini M N
URL:
Whiteboard:
Depends On:
Blocks:	2031073
TreeView+	depends on / blocked

Reported:	2020-07-20 08:18 UTC by Harald Klein
Modified:	2023-12-15 18:30 UTC (History)
CC List:	13 users (show)
Fixed In Version:	ceph-16.2.6-16.el8cp
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-04-04 10:19:51 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	ceph ceph pull 38605	0	None	open	Wip master transit	2021-01-26 21:57:18 UTC
Red Hat Product Errata	RHSA-2022:1174	0	None	None	None	2022-04-04 10:20:26 UTC

Description Harald Klein 2020-07-20 08:18:15 UTC

Description of problem:

Currently the HashiCorp Vault is supported via a KV or Transit engine. The transit engine requires usage of an exportable key. 

Version-Release number of selected component (if applicable):

current

How reproducible:

n/a

Actual results:

n/a

Expected results:

Integration with the data key API would not require an exportable key. The key is generated by the transit engine, encrypts the data and is then stored with the data. The key itself is encrypted and cannot be used without additional calls to the transit engine. This would result in a more secure deployment.

Comment 19 errata-xmlrpc 2022-04-04 10:19:51 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1174

Comment 20 Red Hat Bugzilla 2023-09-15 00:34:20 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days

Note You need to log in before you can comment on or make changes to this bug.