Creating a key using the `kv` engine

Configure the HashiCorp Vault Key/Value secret engine (kv) so you can create a key for use with the Ceph Object Gateway. Secrets are stored as key-value pairs in the kv secret engine.

Important: Keys for server-side encryption must be 256-bits long and encoded using base64.

Prerequisites

A running IBM Storage Ceph cluster.
root or sudo access
Ceph Object Gateway installed
Installation of the HashiCorp Vault software.
Root-level access to the HashiCorp Vault node.

Procedure

Enable the Key/Value version 2 secret engine:

Example
```
vault secrets enable -path secret kv-v2
```

Create a new key:

Syntax

vault kv put secret/PROJECT_NAME/BUCKET_NAME key=$(openssl rand -base64 32)

Example

[root@vault ~]# vault kv put secret/myproject/mybucketkey key=$(openssl rand -base64 32)

====== Metadata ======
Key              Value
---              -----
created_time     2020-02-21T17:01:09.095824999Z
deletion_time    n/a
destroyed        false
version          1

Creating a key using the kv engine

Prerequisites

Procedure

Creating a key using the `kv` engine