This document proposes adding support for the Key Management Interoperability Protocol (KMIP) as a backend for RGW's Server-Side Encryption with S3-Managed Keys (SSE-S3).
This feature will mirror the functionality of the existing HashiCorp Vault Transit backend, allowing a KMIP server to manage bucket-level Key Encryption Keys (KEKs) while RGW manages the creation and lifecycle of per-object Data Encryption Keys (DEKs).