Re: Request_key from KMIP appliance

Linux FSCRYPT development
 help / color / mirror / Atom feed

* Re: Request_key from KMIP appliance
       [not found] ` <20210108003138.GB575130@erythro>
@ 2021-01-15 22:21   ` Alison Schofield
  0 siblings, 0 replies; only message in thread
From: Alison Schofield @ 2021-01-15 22:21 UTC (permalink / raw)
  To: linux-fscrypt, Ben Boeckel; +Cc: keyrings, Dan Williams


+ linux-fscrypt

Since I first wrote this question, realized we need to consider any
external key server, not only ones that are KMIP compliant.


On Thu, Jan 07, 2021 at 07:31:38PM -0500, Ben Boeckel wrote:
> On Thu, Jan 07, 2021 at 13:37:10 -0800, Alison Schofield wrote:
> > I'm looking into using an external key server to store the encrypted blobs
> > of kernel encrypted keys. Today they are stored in the rootfs, but we'd
> > like to address the need to store the keys in an external KMIP appliance,
> > separate from the platform where deployed.
> > 
> > Any leads, thoughts, experience with the Linux Kernel Key Service
> > requesting keys from an external Key Server such as this?
> 
> See the `request-key.conf(5)` manpage. I don't have experience with
> actual usage or deployment though, so others might have more input.
> 
> --Ben

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-01-15 22:19 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20210107213710.GA11415@alison-desk>
     [not found] ` <20210108003138.GB575130@erythro>
2021-01-15 22:21   ` Request_key from KMIP appliance Alison Schofield

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox