* Re: Request_key from KMIP appliance
[not found] ` <20210108003138.GB575130@erythro>
@ 2021-01-15 22:21 ` Alison Schofield
0 siblings, 0 replies; only message in thread
From: Alison Schofield @ 2021-01-15 22:21 UTC (permalink / raw)
To: linux-fscrypt, Ben Boeckel; +Cc: keyrings, Dan Williams
+ linux-fscrypt
Since I first wrote this question, realized we need to consider any
external key server, not only ones that are KMIP compliant.
On Thu, Jan 07, 2021 at 07:31:38PM -0500, Ben Boeckel wrote:
> On Thu, Jan 07, 2021 at 13:37:10 -0800, Alison Schofield wrote:
> > I'm looking into using an external key server to store the encrypted blobs
> > of kernel encrypted keys. Today they are stored in the rootfs, but we'd
> > like to address the need to store the keys in an external KMIP appliance,
> > separate from the platform where deployed.
> >
> > Any leads, thoughts, experience with the Linux Kernel Key Service
> > requesting keys from an external Key Server such as this?
>
> See the `request-key.conf(5)` manpage. I don't have experience with
> actual usage or deployment though, so others might have more input.
>
> --Ben
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-01-15 22:19 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20210107213710.GA11415@alison-desk>
[not found] ` <20210108003138.GB575130@erythro>
2021-01-15 22:21 ` Request_key from KMIP appliance Alison Schofield
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).