BZ to track the cephadm support for NFS BYOK. Copying the content from the Jira ticket (https://jsw.ibm.com/browse/ISCE-2129)

Many industries now require the highest level of information security. We need to protect our users against information / data theft by providing encryption capabilities for NFS shares/exports. Encryption could be managed centrally by an administrator or directly by the user with a user-provided encryption key.

User Stories

As an administrator I want to make sure that the users of my FSaaS services can rely on me protecting their data by encryption per NFS-export so that no other users/tenants can see anyone else's data. Each tenant would get their own NFS-export and each export would be encrypted with a different encryption key.

As an administrator I want to manage my encryption keys with an industry-standard KMS like e.g. Hashicorp.

As an administrator I want to be able to mount encrypted shares and take incremental backups of them, and restore those snapshots as needed (without ever decrypting). This means defining a file format for those incremental diffs, to be clear.

As an integrator, I want to be able to set up encrypted subvolumes, query libcephfs about whether a particular directory needs an encryption key, and identify the name of that key so I can provide it from an existing KMS.

As a user I want to be able to bring my own encryption keys and encrypt my own data per share or even per directory.
Please specify the severity of this bug. Severity is defined here: https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat Ceph Storage 8.1 security and bug fix updates), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2025:14015