unlock ceph #4

Supports: trusty


unlock_ceph stores Ceph's disk encryption keys in Vault and restores them to a tmpfs and links them in for Ceph's use


unlock-ceph is a daemon made to accompany a Ceph installation that removes Ceph's dmcrypt keys to remote (Hashicorp Vault) storage to ensure that they are not stored on disk. The motivation for this is to secure against a threat of removing a machine from the datacenter, rather than just throwing away bad disks.