1 | // -*- mode:C; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
2 | // vim: ts=8 sw=2 smarttab | |
3 | ||
4 | /** | |
5 | * Server-side encryption integrations with Key Management Systems (SSE-KMS) | |
6 | */ | |
7 | ||
8 | #ifndef CEPH_RGW_KMS_H | |
9 | #define CEPH_RGW_KMS_H | |
10 | ||
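// Identifiers for the KMS backends and their options. These are C++17 `inline`
// variables so every translation unit shares one definition instead of a
// private, dynamically-initialised copy of each string (the header already
// requires C++17 for the std::string_view parameter further down).
// NOTE(review): this header does not include <string>, <map> or <string_view>
// itself and relies on its includers having done so.

// KMS backend names.
inline const std::string RGW_SSE_KMS_BACKEND_TESTING = "testing";   // NOTE(review): presumably the backend that reads keys from the Ceph config file (the doc comment below still calls it 'local'); not an external KMS — confirm
inline const std::string RGW_SSE_KMS_BACKEND_BARBICAN = "barbican";
inline const std::string RGW_SSE_KMS_BACKEND_VAULT = "vault";
inline const std::string RGW_SSE_KMS_BACKEND_KMIP = "kmip";

// Vault authentication method names.
inline const std::string RGW_SSE_KMS_VAULT_AUTH_TOKEN = "token";
inline const std::string RGW_SSE_KMS_VAULT_AUTH_AGENT = "agent";

// Vault secret-engine names.
inline const std::string RGW_SSE_KMS_VAULT_SE_TRANSIT = "transit";
inline const std::string RGW_SSE_KMS_VAULT_SE_KV = "kv";

// KMIP secret-engine names.
inline const std::string RGW_SSE_KMS_KMIP_SE_KV = "kv";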
23 | ||
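/**
 * Retrieves the actual server-side encryption key from a KMS system given a
 * key ID. Currently supported KMS systems are OpenStack Barbican and HashiCorp
 * Vault, but keys can also be retrieved from Ceph configuration file (if
 * kms is set to 'local').
 * NOTE(review): no backend constant above is named 'local'; the config-file
 * backend appears to be RGW_SSE_KMS_BACKEND_TESTING — confirm and update.
 *
 * make_actual_key_from_kms presumably produces the key on the write (encrypt)
 * path and reconstitute_actual_key_from_kms recovers it on the read (decrypt)
 * path — inferred from the names, confirm in the .cc.
 *
 * \param cct         Ceph context.
 * \param attrs       Object attributes (attribute name -> bufferlist); which
 *                    attribute carries the key ID is decided by the definition.
 * \param actual_key  Out-parameter receiving the raw key material. It is a
 *                    plain std::string and is not scrubbed on destruction, so
 *                    callers should keep its lifetime as short as possible.
 * \return            int status; presumably 0 on success and a negative errno
 *                    on failure (Ceph convention) — confirm against the .cc.
 */
int make_actual_key_from_kms(CephContext *cct,
                             std::map<std::string, bufferlist>& attrs,
                             std::string& actual_key);
int reconstitute_actual_key_from_kms(CephContext *cct,
                                     std::map<std::string, bufferlist>& attrs,
                                     std::string& actual_key);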
40 | ||
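/**
 * SecretEngine Interface
 * Defining interface here such that we can use both a real implementation
 * of this interface, and a mock implementation in tests.
 *
 * Polymorphic base: the destructor is virtual so an implementation may be
 * deleted through a SecretEngine pointer.
 **/
class SecretEngine {

public:
  /**
   * Look up the key material for a key ID in the backing secret store.
   *
   * \param key_id      Identifier of the key to fetch. Passed as a view, so the
   *                    caller keeps the underlying storage alive for the call.
   * \param actual_key  Out-parameter receiving the raw key bytes. It is a plain
   *                    std::string and is not scrubbed on destruction —
   *                    NOTE(review): keep its lifetime short at call sites.
   * \return            int status; presumably 0 on success and negative on
   *                    failure, like the free functions above — confirm in the
   *                    implementations.
   */
  virtual int get_key(std::string_view key_id, std::string& actual_key) = 0;
  // `= default` instead of an empty body `{};`: same virtual, non-throwing
  // destructor without the stray semicolon after the definition.
  virtual ~SecretEngine() = default;
};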
52 | #endif |