unlock ceph #4

Description

unlock_ceph stores Ceph's disk encryption keys in Vault and restores
them to a tmpfs and links them in for Ceph's use


Overview

unlock-ceph is a daemon made to accompany a Ceph installation that removes Ceph's dmcrypt keys to remote (Hashicorp Vault) storage to ensure that they are not stored on disk. The motivation for this is to secure against a threat of removing a machine from the datacenter, rather than just throwing away bad disks.