1 // -*- mode:C; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
5 * Server-side encryption integrations with Key Management Systems (SSE-KMS)
// Names of the SSE-KMS backends this header knows about.
// NOTE(review): "testing" reads as a non-production backend; confirm that
// deployments holding real data select "barbican" or "vault" instead.
static const std::string RGW_SSE_KMS_BACKEND_TESTING{"testing"};
static const std::string RGW_SSE_KMS_BACKEND_BARBICAN{"barbican"};
static const std::string RGW_SSE_KMS_BACKEND_VAULT{"vault"};

// Vault authentication methods: a token, or an agent.
// NOTE(review): how the token is stored and protected is not visible in this
// header; verify it against the Vault client code.
static const std::string RGW_SSE_KMS_VAULT_AUTH_TOKEN{"token"};
static const std::string RGW_SSE_KMS_VAULT_AUTH_AGENT{"agent"};

// Vault secret engines: "transit" or "kv".
static const std::string RGW_SSE_KMS_VAULT_SE_TRANSIT{"transit"};
static const std::string RGW_SSE_KMS_VAULT_SE_KV{"kv"};
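 * Retrieves the actual server-side encryption key from a KMS, given a key ID.
 * The currently supported KMS backends are OpenStack Barbican and HashiCorp
 * Vault; keys can also be retrieved from the Ceph configuration file (if
 * kms is set to 'local').
 * NOTE(review): the backend constants visible in this header are "testing",
 * "barbican" and "vault"; no 'local' value appears here, so confirm which
 * name the configuration actually accepts.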
// Declaration only; the definition is not part of this header excerpt.
//
//   cct          - Ceph context pointer (presumably the source of the KMS
//                  configuration; confirm in the definition).
//   key_id       - identifier of the key to retrieve.
//   key_selector - additional selector passed along with key_id; its exact
//                  meaning is not shown here.
//   actual_key   - output; receives the retrieved key.
//
// Returns an int whose meaning is not shown here (presumably 0 on success and
// a negative error code otherwise; confirm in the definition).
//
// NOTE(review): actual_key carries raw key material in a plain std::string;
// callers should avoid logging it and should check the return value before
// using it.
int get_actual_key_from_kms(
    CephContext* cct,
    boost::string_view key_id,
    boost::string_view key_selector,
    std::string& actual_key);
 * SecretEngine Interface
 * The interface is defined here so that both a real implementation and a
 * mock implementation (used in tests) can be used.
// Pure virtual: each secret engine supplies its own key lookup.
//   key_id     - identifier of the key to fetch.
//   actual_key - output; presumably filled with the key material on success
//                (confirm in the implementations).
// Returns an int whose meaning is not shown here.
// NOTE(review): implementations should leave actual_key unusable on failure
// so that a caller who misses the return value cannot encrypt with stale or
// empty key material; verify against callers.
virtual int get_key(
    boost::string_view key_id,
    std::string& actual_key) = 0;
// Virtual so that destroying an engine through a SecretEngine pointer also
// runs the derived class's destructor.
virtual ~SecretEngine() = default;
// Pure virtual: issues the backend request for key_id.
//   key_id - identifier of the key being requested.
//   parser - JSON parser supplied by the caller; presumably receives the
//            backend's response body (confirm in the implementations).
// Returns an int whose meaning is not shown here.
// NOTE(review): parser is a raw pointer with no visible null contract, and
// the response may contain secret material; implementations should check the
// pointer and keep the response out of logs.
virtual int send_request(
    boost::string_view key_id,
    JSONParser* parser) = 0;
// Pure virtual: extracts the key from a parsed JSON object.
//   json_obj   - JSON object to read from; presumably taken from the backend
//                response (confirm in the implementations).
//   actual_key - output; receives the decoded key.
// Returns an int whose meaning is not shown here.
// NOTE(review): json_obj is a raw pointer with no visible null contract;
// implementations should reject a null or malformed object instead of
// producing a partial key.
virtual int decode_secret(
    JSONObj* json_obj,
    std::string& actual_key) = 0;