Outcome Overview

OpenShift core and layered products make use of keys, credentials, tokens and certificates for many use-cases. Most customers rely on external secret managers such as Vault and public cloud KMS providers to in order to securely manage these sensitive data. The goal of this outcome is enable customers to use external secret managers when providing keys, credentials, certificates and other sensitive data require by OpenShift core and layered operators.

Success Criteria

Keys, credentials and certificates used by OpenShift core and layered operators could be provided through external secret managers such as Vault and public cloud KMS providers. These sensitive data includes

• Support Kube KMS API for encrypting etcd keys
• Support Secret Store CSI (SSCSI) Driver
• Support External Secrets Operator (ESO)
• Support cert-manager
• Core and layered products to rely on SSSCI Driver, ESO and cert-manager for user-provided sensitive dat
• SPIFFE/SPIRE integration with Vault

Expected Results (what, how, when)

• Enable use of OpenShift with external secret managers
• Increase the number of OpenShift customers that use IBM Vault
   

Post Completion Review – Actual Results

TBD