Ceph-CSI supports encryped storage (currently only for RBD images with LUKS/cryptsetup). There should be a way to rotate the encryption passphrases by adding a new one to the LUKS header and removing the older one.
This might be very Ceph-CSI specific, at the moment. But an advanced procedure like this does not fit in the CSI Spec, so maybe kube-storage is a better location?
Ceph-CSI supports encryped storage (currently only for RBD images with LUKS/cryptsetup). There should be a way to rotate the encryption passphrases by adding a new one to the LUKS header and removing the older one.
This might be very Ceph-CSI specific, at the moment. But an advanced procedure like this does not fit in the CSI Spec, so maybe kube-storage is a better location?