Project

General

Profile

Feature #47776

Add Support customed CA certificate from vault KMS for SSE encryption

Added by Jiffin Tony Thottan over 3 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Target version:
-
% Done:

100%

Source:
Tags:
vault encryption
Backport:
pacific
Reviewed:
Affected Versions:
Pull request ID:

Description

The KMS backend vault supports multiple TLS config such as

Vault Client Certificate
Vault Client Key
Vault CA Certificate
Vault TLS Server Name

Currently RGW can communicate with vault using default SSL installed in the system,not with customed one


Related issues

Copied to rgw - Backport #51310: pacific: Add Support customed CA certificate from vault KMS for SSE encryption Resolved

History

#1 Updated by Casey Bodley over 3 years ago

  • Tracker changed from Bug to Feature
  • Tags set to vault encryption

#2 Updated by Matt Benjamin about 3 years ago

  • Assignee set to Jiffin Tony Thottan
  • Pull request ID set to 37730

#3 Updated by Matt Benjamin almost 3 years ago

  • Backport set to pacific

#4 Updated by Jiffin Tony Thottan almost 3 years ago

I have created Bp branch in my git repo since this PR have conflicts with pacific https://github.com/thotz/ceph/tree/rgwkmsvaultsslsupport-pacific

#5 Updated by Jiffin Tony Thottan almost 3 years ago

Jiffin Tony Thottan wrote:

I have created Bp branch in my git repo since this PR have conflicts with pacific https://github.com/thotz/ceph/tree/rgwkmsvaultsslsupport-pacific

Any update wrt Pacific backport?

#6 Updated by Jiffin Tony Thottan almost 3 years ago

  • Status changed from New to Pending Backport
  • Target version set to v16.2.5
  • % Done changed from 0 to 100

#7 Updated by Backport Bot almost 3 years ago

  • Copied to Backport #51310: pacific: Add Support customed CA certificate from vault KMS for SSE encryption added

#8 Updated by Loïc Dachary over 2 years ago

  • Target version deleted (v16.2.5)

#9 Updated by Loïc Dachary over 2 years ago

  • Status changed from Pending Backport to Resolved

While running with --resolve-parent, the script "backport-create-issue" noticed that all backports of this issue are in status "Resolved" or "Rejected".

Also available in: Atom PDF