Cleanup #58931

open

cephadm: organize all secrets into one "secret store" location

Added by Adam King about 1 year ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
% Done: 0%


Description

Currently, cephadm stores various certs, keys, and passwords in a bunch of random locations specific to their purpose. In order to make handling of these secrets and potentially integrating with some external service for storing these secrets in the future easier, we should formalize this storage. The idea is to have one secret store, which for now would exist inside the mon-key store (which is considered secure) that aggregates all secrets we actively keep track of, instead of having a web of different mon-key store entries and spec attributes holding the secrets. The code that referenced the old locations would need to be updated to pull from our secret store and a migration would be necessary to move secrets into the store from their old location.
