Skip to content

Feature: Key Management Service (KMS)#634

Open
vishesh92 wants to merge 1 commit into
apache:mainfrom
shapeblue:feature-kms
Open

Feature: Key Management Service (KMS)#634
vishesh92 wants to merge 1 commit into
apache:mainfrom
shapeblue:feature-kms

Conversation

@vishesh92
Copy link
Copy Markdown
Member

@vishesh92 vishesh92 commented Mar 18, 2026
edited by github-actions Bot
Loading

@sureshanaparti sureshanaparti mentioned this pull request Apr 2, 2026
Draft
@sureshanaparti sureshanaparti added this to the 4.23.0 milestone Apr 2, 2026
@sureshanaparti sureshanaparti requested a review from Copilot April 2, 2026 08:37
Copilot AI reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds administrator documentation for the new Key Management Service (KMS) feature and wires it into the Admin Guide, including updated volume creation docs and supporting UI/architecture screenshots.

Changes:

  • Add a new Admin Guide page documenting KMS concepts (KEK/DEK), HSM profiles, key lifecycle (create/rotate), migration, and configuration settings.
  • Update storage docs to describe KVM volume encryption and expose the new “KMS Key” option when creating volumes.
  • Add new images and include the new KMS page in the Admin Guide index toctree.

Reviewed changes

Copilot reviewed 3 out of 7 changed files in this pull request and generated no comments.

Show a summary per file
File Description
source/adminguide/storage.rst Adds a “Volume Encryption” section and documents the optional “KMS Key” field during volume creation.
source/adminguide/kms.rst New KMS documentation page (architecture, providers, HSM profiles, key creation/rotation, migration, settings).
source/adminguide/index.rst Adds kms to the Admin Guide toctree so the new page is published.
source/_static/images/kms-rotate-key.png New screenshot referenced by KMS key rotation docs.
source/_static/images/kms-create-key.png New screenshot referenced by KMS key creation docs.
source/_static/images/kms-architecture.png New architecture diagram referenced by the KMS overview.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

sureshanaparti
sureshanaparti reviewed Apr 28, 2026
View reviewed changes
Comment thread source/adminguide/storage.rst

.. warning::
Deleting the KMS key used to encrypt a volume will render that volume permanently
unrecoverable.
Copy link
Copy Markdown
Contributor

@sureshanaparti sureshanaparti Apr 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vishesh92 can we block the delete operation when a KMS key in use, instead of unrecoverable volume?

@kiranchavala
Copy link
Copy Markdown
Member

kiranchavala commented May 19, 2026

@blueorangutan docbuild

@blueorangutan
Copy link
Copy Markdown

blueorangutan commented May 19, 2026

@kiranchavala a Jenkins job has been kicked to build the document. I'll keep you posted as I make progress.

@kiranchavala
Copy link
Copy Markdown
Member

kiranchavala commented May 20, 2026

@blueorangutan docbuild

@blueorangutan
Copy link
Copy Markdown

blueorangutan commented May 20, 2026

@kiranchavala a Jenkins job has been kicked to build the document. I'll keep you posted as I make progress.

@blueorangutan
Copy link
Copy Markdown

blueorangutan commented May 20, 2026

QA-Doc build preview: https://qa.cloudstack.cloud/builds/docs-build/pr/634. (QA-JID 537)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sureshanaparti sureshanaparti sureshanaparti left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

4.23.0

Development

Successfully merging this pull request may close these issues.

5 participants

@vishesh92 @kiranchavala @blueorangutan @sureshanaparti