Add support for HPCS key encryption

terraform-ibm-modules / terraform-ibm-watsonx-saas-da

A deployable architecture solution to deploy IBM Watsonx SaaS resources.

Apache License 2.0

2 stars 1 forks source link

Add support for HPCS key encryption #139

Closed ocofaigh closed 2 months ago

ocofaigh commented 2 months ago

The cos_kms_crn input has validation that will only allow Key Protect, however HPCS is supported by the COS service for encrypting buckets. By not supporting HPCS, it means the GenAI / RAG stack cannot support HPCS, yet all other DAs allow HPCS.

I also notice the code is using the provider directly to create keys and key rings. All other DAs are using https://github.com/terraform-ibm-modules/terraform-ibm-kms-all-inclusive

ocofaigh commented 2 months ago

cc @andreainnocenti

andreainnocenti commented 2 months ago

Is HPCS supported? When we added the support for KP, the developer said:

Create a COS instance delegation, optionally with encryption via a Key Protect instance key

ocofaigh commented 2 months ago

COS bucket encryption support HPCS, but storage delegation only supports Key Protect. Closing this