Hi, reading Rados Gateway documentation [1] I learned that current support for server side encryption using a KMS is only available with Openstack Barbincan. Encouraged by the statement from the same documentation page quoted below: > In principle, any key management service could be used here, ... I've checked the code and I can see in [2] that the functions tying the logic to Barbican are mostly down to request_key_from_barbican and get_keystone_barbican_token. My questions are: - Is there anyone already working on this? - If not, would an integration with Vault be welcomed? - Is there any other area of the code / implications I left behind in my analysis? Thanks -- Andrea [1] http://docs.ceph.com/docs/master/radosgw/encryption/ [2] https://github.com/ceph/ceph/blob/master/src/rgw/rgw_crypt.cc
