keyrings.vger.kernel.org archive mirror
* Request_key from KMIP appliance
@ 2021-01-07 21:37 Alison Schofield
  2021-01-08  0:31 ` Ben Boeckel
  0 siblings, 1 reply; 3+ messages in thread
From: Alison Schofield @ 2021-01-07 21:37 UTC (permalink / raw)
  To: keyrings; +Cc: Dan Williams


Hi,

I'm looking into using an external key server to store the encrypted blobs
of kernel encrypted keys. Today they are stored in the rootfs, but we'd
like to address the need to store the keys in an external KMIP appliance,
separate from the platform where deployed.

Any leads, thoughts, experience with the Linux Kernel Key Service
requesting keys from an external Key Server such as this?

Thanks,
Alison


* Re: Request_key from KMIP appliance
  2021-01-07 21:37 Request_key from KMIP appliance Alison Schofield
@ 2021-01-08  0:31 ` Ben Boeckel
  2021-01-15 22:21   ` Alison Schofield
  0 siblings, 1 reply; 3+ messages in thread
From: Ben Boeckel @ 2021-01-08  0:31 UTC (permalink / raw)
  To: Alison Schofield; +Cc: keyrings, Dan Williams

On Thu, Jan 07, 2021 at 13:37:10 -0800, Alison Schofield wrote:
> I'm looking into using an external key server to store the encrypted blobs
> of kernel encrypted keys. Today they are stored in the rootfs, but we'd
> like to address the need to store the keys in an external KMIP appliance,
> separate from the platform where deployed.
> 
> Any leads, thoughts, experience with the Linux Kernel Key Service
> requesting keys from an external Key Server such as this?

See the `request-key.conf(5)` manpage. I don't have experience with
actual usage or deployment though, so others might have more input.

--Ben


* Re: Request_key from KMIP appliance
  2021-01-08  0:31 ` Ben Boeckel
@ 2021-01-15 22:21   ` Alison Schofield
  0 siblings, 0 replies; 3+ messages in thread
From: Alison Schofield @ 2021-01-15 22:21 UTC (permalink / raw)
  To: linux-fscrypt, Ben Boeckel; +Cc: keyrings, Dan Williams


+ linux-fscrypt

Since I first wrote this question, realized we need to consider any
external key server, not only ones that are KMIP compliant.


On Thu, Jan 07, 2021 at 07:31:38PM -0500, Ben Boeckel wrote:
> On Thu, Jan 07, 2021 at 13:37:10 -0800, Alison Schofield wrote:
> > I'm looking into using an external key server to store the encrypted blobs
> > of kernel encrypted keys. Today they are stored in the rootfs, but we'd
> > like to address the need to store the keys in an external KMIP appliance,
> > separate from the platform where deployed.
> > 
> > Any leads, thoughts, experience with the Linux Kernel Key Service
> > requesting keys from an external Key Server such as this?
> 
> See the `request-key.conf(5)` manpage. I don't have experience with
> actual usage or deployment though, so others might have more input.
> 
> --Ben
