Integration with KMIP

[Klaas-]

Hi, sorry for opening an issue as this is more a question than an issue but there is no user-mailing list :)

we have a kmip (https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip) capable solution for storing encryption keys. So I have the general question if this could integrate with clevis or if a future integration is on the roadmap for clevis. I would like to use it to a similar manner as root filesystems are unlocked using tang.

Greetings Klaas

[npmccallum]

Yes. Patches welcome.

You basically want to make a pin for kmip. That is, you should create clevis-encrypt-kmip and clevis-decrypt-kmip. The process should hopefully be easy.