add minio/keys KMS integration (#8631)

This commit adds support for the minio/kes KMS.
See: https://github.com/minio/kes

In particular, you can configure it as the KMS by setting:
 - `export MINIO_KMS_KES_ENDPOINT=`  // Server URL
 - `export MINIO_KMS_KES_KEY_FILE=`  // TLS client private key
 - `export MINIO_KMS_KES_CERT_FILE=` // TLS client certificate
 - `export MINIO_KMS_KES_CA_PATH=`   // Root CAs issuing server cert
 - `export MINIO_KMS_KES_KEY_NAME=`  // The name of the (default)
master key
Andreas Auernhammer
2019-12-13 21:57:11 +01:00
committed by Harshavardhana
parent 471a3a650a
commit c3d4c1f584
9 changed files with 723 additions and 87 deletions


@@ -20,7 +20,7 @@ import "github.com/minio/minio/cmd/config"
// Help template for KMS vault
var (
Help = config.HelpKVS{
HelpVault = config.HelpKVS{
config.HelpKV{
Key: KMSVaultEndpoint,
Description: `API endpoint e.g. "http://vault-endpoint-ip:8200"`,
@@ -28,7 +28,7 @@ var (
},
config.HelpKV{
Key: KMSVaultKeyName,
Description: `unique transit key name e.g. "my-minio-key"`,
Description: `unique transit key name - e.g. "my-minio-key"`,
Type: "string",
},
config.HelpKV{
@@ -71,4 +71,39 @@ var (
Type: "sentence",
},
}
HelpKes = config.HelpKVS{
config.HelpKV{
Key: KMSKesEndpoint,
Description: `API endpoint - e.g. "https://kes-endpoint:7373"`,
Type: "url",
},
config.HelpKV{
Key: KMSKesKeyName,
Description: `unique key name - e.g. "my-minio-key"`,
Type: "string",
},
config.HelpKV{
Key: KMSKesCertFile,
Description: `path to client certificate for TLS auth - e.g. /etc/keys/public.crt`,
Type: "path",
},
config.HelpKV{
Key: KMSKesKeyFile,
Description: `path to client private key for TLS auth - e.g. /etc/keys/private.key`,
Type: "path",
},
config.HelpKV{
Key: KMSKesCAPath,
Description: `path to PEM-encoded cert(s) to verify kes server cert - e.g. /etc/keys/CAs`,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
)
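Review bot: The `KMSKesCAPath` entry in `HelpKes` is marked `Optional: true`, but its description does not say how the KES server certificate is verified when the path is left unset, so an operator cannot tell from the help output which trust store applies. The code that reads this setting is not part of this file section, so the fallback needs confirming (presumably the system root CAs) before it is stated in the text, for example `path to PEM-encoded CA cert(s) to verify the KES server cert; system root CAs are used if unset - e.g. /etc/keys/CAs`. The `KMSKesKeyFile` description could also note that the client private key should be readable only by the account running the server, since that key is the credential that authenticates the server to the KMS.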