rgw: considering deprecation of SSE-KMS integration with OpenStack Barbican

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Barbican was the first key management server used for rgw's Server
Side Encryption feature. it's integration is documented in
https://docs.ceph.com/en/quincy/radosgw/barbican/

we've since added SSE-KMS support for Vault and KMIP, and the SSE-S3
feature (coming soon to quincy) requires Vault

our Barbican tests stopped working about 6 months ago (see
https://tracker.ceph.com/issues/54247), and nobody is familiar enough
with the ecosystem to fix it. these tests are pinned to old versions
of keystone (17.0.0 which was ossuri?) and barbican (5.0.0 which was
pike?), but something changed and they no longer work

rgw can't maintain features that we can't test. if Barbican support is
important to the community, we'd love some assistance in
updating/fixing these tests. if there is no interest, we'll likely
deprecate it in R and remove it in S

our team feels that Vault is a more attractive target for continued
development. does Barbican offer any specific advantages? please let
us know your thoughts!

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux