Description of problem: Cu is testing on a test environment for test purposes only GKLM does not work on Ceph Cu trying to follow upstream documentation https://docs.ceph.com/en/quincy/radosgw/kmip/ Cu was advised that it is not officially supported. and to use Hashicorp Vault. https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6/html/object_gateway_guide/security#the_hashicorp_vault Spoke with lead architect G.G and confirmed that only Hashicorp is supported Version-Release number of selected component (if applicable): na How reproducible: not reproducible Steps to Reproduce: Cu has done the following: 1. Set up GKLM server 2. Followed steps in https://docs.ceph.com/en/quincy/radosgw/kmip/ 2a. adjust the ceph.conf 2b. create a bucket 2c. cannot set any encryption as there is no Token available from GKLM or certificate directory on GKLM. 3. Then test the following upload: aws --endpoint-url http://xyz s3 cp /plaintext.txt s3://xyzdirectory/xyzencrypted.txt --sse aws:kms --sse-kms-key-id Kxyz Actual results: upload failed: when calling the PutObject operation: Failed to retrieve the actual key, kms-keyid: Expected results: File uploaded Additional info: Cu wants to know if there are any plans to support GKLM Let me know if there is any information that I can add here
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat Ceph Storage 8.0 security, bug fix, and enhancement updates), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2024:10216
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days