Comments (1)
I do not think there is a tool or script that can do this for you. If you write something for it, consider contributing it back to this project.
If you have the keys stored in the metadata of the RBD-image, you can find the encrypted key in the rbd.csi.ceph.com/dek
metdata. Each RBD-image has its own key and nounce, stored as JSON.
You can decrypt that the key with the passphrase and nounce (volume id) that were used to encrypt the key. This is the function that does it:
ceph-csi/internal/kms/secretskms.go
Lines 237 to 264 in d376271
from ceph-csi.
Related Issues (20)
- Can we share VolumeLocks for NodeServer/ControllerServer? HOT 3
- Not able to start CI job because of no nodes HOT 1
- RBD-Images are not shown in the Dashbord: Failed to execute RBD [errno 19] error generating diff from snapshot None HOT 2
- Concurrency issue when pvc is mounted to multiple pods HOT 23
- CentOS Stream 8 is EOL HOT 3
- Add support for ModifyVolume HOT 5
- allow podSecurityContexts to be set in `nodeplugin` and `provisioner` of chart `ceph-csi-cephfs` HOT 2
- Add http health endpoint for ceph-csi-cephfs and ceph-csi-rbd HOT 4
- cephfs-csi Pod has always been in containercreating HOT 3
- CephFS keyring requires nonsensicaly enormous and insecure privileges to work HOT 4
- Update modprobe in csi-rbdplugin to support zstd compressed rbd and nbd kernel module HOT 6
- Unable to create CephFS subvolume dynamically (`no available topology found`) HOT 2
- cephFS: Remove the 400 snapshot limitation from the doc HOT 1
- Allow to change mounter option from an existing PV HOT 6
- cephfs csi error,mds mds status Start request repeated too quickly. Failed with result 'signal'. HOT 1
- New csiplugin-configmap.yaml setting to override PVs's volumeAttributes.mounter HOT 1
- rbd remap on network failure HOT 6
- Remove podSecurityPolicy from the helm documentation
- Ensure ceph-lock is always released when staging encrypted cephfs volume HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ceph-csi.