From f172e6956b0a077920e3fe37b92f8aca65b7ed47 Mon Sep 17 00:00:00 2001
From: Niels de Vos
Date: Wed, 24 Mar 2021 18:04:33 +0100
Subject: [PATCH] doc: add configuration example for Amazon KMS

Signed-off-by: Niels de Vos
---
 examples/kms/vault/aws-credentials.yaml | 13 +++++++++++++
 examples/kms/vault/csi-kms-connection-details.yaml | 6 ++++++
 2 files changed, 19 insertions(+)
 create mode 100644 examples/kms/vault/aws-credentials.yaml

diff --git a/examples/kms/vault/aws-credentials.yaml b/examples/kms/vault/aws-credentials.yaml
new file mode 100644
index 000000000..ddfcbfbfe
--- /dev/null
+++ b/examples/kms/vault/aws-credentials.yaml
@@ -0,0 +1,13 @@
+---
+# This is an example Kubernetes Secret that can be created in the Kubernetes
+# Namespace where Ceph-CSI is deployed. The contents of this Secret will be
+# used to connect to the Amazon KMS.
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ceph-csi-aws-credentials
+stringData:
+ AWS_ACCESS_KEY_ID: "AKIAIOSFODNN7EXAMPLE"
+ AWS_SECRET_ACCESS_KEY: "JalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY"
+ AWS_SESSION_TOKEN: ""
+ AWS_CMK_ARN: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
diff --git a/examples/kms/vault/csi-kms-connection-details.yaml b/examples/kms/vault/csi-kms-connection-details.yaml
index 32e2c4513..c941721a6 100644
--- a/examples/kms/vault/csi-kms-connection-details.yaml
+++ b/examples/kms/vault/csi-kms-connection-details.yaml
@@ -35,5 +35,11 @@ data:
 {
 "encryptionKMSType": "metadata"
 }
+ aws-metadata-test: |-
+ {
+ "KMS_PROVIDER": "aws-metadata",
+ "KMS_SECRET_NAME": "ceph-csi-aws-credentials",
+ "AWS_REGION": "us-west-2"
+ }
 metadata:
 name: csi-kms-connection-details
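Review bot: The header comment of the new `aws-credentials.yaml` does not say that the `stringData` values are placeholders, so the file reads as a template to fill with a real static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair and keep next to the other manifests. I would add `# All values below are placeholders. Replace them before applying, and never commit the real Secret.` to the comment block. The same block should state that the IAM principal behind these keys needs access only to the single key named in `AWS_CMK_ARN` (presumably just the encrypt and decrypt operations; confirm against the provider code), and that `AWS_SESSION_TOKEN` is left empty only for long-term keys. As a style point, the file is created under `examples/kms/vault/` although nothing in it relates to Vault.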
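Review bot: The new `aws-metadata-test` entry depends on two values defined in the other file, and nothing in the hunk documents that link. `KMS_SECRET_NAME` has to equal the `metadata.name` of the Secret in `aws-credentials.yaml`, and `AWS_REGION` repeats the region already embedded in that Secret's `AWS_CMK_ARN`, so editing one without the other will presumably surface only as a failure at volume-encryption time. Since the JSON body cannot carry comments, I would put a YAML comment directly above the key: `# KMS_SECRET_NAME must name the Secret from aws-credentials.yaml; AWS_REGION must match the region in its AWS_CMK_ARN.` The enclosing `data:` mapping starts outside this hunk.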