-
Outcome
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
None
-
62% To Do, 23% In Progress, 15% Done
-
False
-
Outcome Overview
OpenShift core and layered products make use of keys, credentials, tokens and certificates for many use-cases. Most customers rely on external secret managers such as Vault and public cloud KMS providers to in order to securely manage these sensitive data. The goal of this outcome is enable customers to use external secret managers when providing keys, credentials, certificates and other sensitive data require by OpenShift core and layered operators.
Success Criteria
Keys, credentials and certificates used by OpenShift core and layered operators could be provided through external secret managers such as Vault and public cloud KMS providers. These sensitive data includes
- Support Kube KMS API for encrypting etcd keys
- Support Secret Store CSI (SSCSI) Driver
- Support External Secrets Operator (ESO)
- Support cert-manager
- Core and layered products to rely on SSSCI Driver, ESO and cert-manager for user-provided sensitive dat
- SPIFFE/SPIRE integration with Vault
Expected Results (what, how, when)
- Enable use of OpenShift with external secret managers
- Increase the number of OpenShift customers that use IBM Vault
Post Completion Review – Actual Results
TBD
- is related to
-
OCPNODE-2673 Add support for external key providers
- New
-
OBSDA-212 Move CMO configuration to CRD
- Waiting
- is triggering
-
OSSM-3640 Supported integration with OpenShift cert-manager(Istio-csr productization & support)
- Refinement
- relates to
-
SRVKP-6920 Docs for using Vault with Pipelines
- New
- links to