[openstack-announce] Swift 2.9.0 release, including at-rest encryption

John Dickinson me at not.mn
Fri Jul 15 17:21:51 UTC 2016


I'm happy to announce that OpenStack Swift 2.9.0 has been released.

Tarball: https://tarballs.openstack.org/swift/swift-2.9.0.tar.gz

Full change log: https://github.com/openstack/swift/blob/master/CHANGELOG

As always, you can upgrade to this version of Swift without any end-
user downtime.

This release of Swift includes at-rest encryption for all object data
and object user metadata. This feature provides server-side encryption
to protect against information leaks if a data drive were to leave a
Swift cluster. A data drive may leave a cluster intentionally for an
RMA, or it may leave unintentionally through inventory mistakes or
malicious actions.

Every object in Swift is encrypted with its own unique, randomly-
generated encryption key. This data encryption key is itself encrypted
with a key encrypting key that is derived from the thing's URI in
Swift and the master encryption key. The master encryption key is
stored on each proxy server, either in the proxy config or in
another local file, and future development includes storing this key
in Barbican. The data is encrypted with AES-256 in CTR mode.

This encryption scheme and key management design provides immediate
value today to cluster operators who need to ensure data is encrypted,
and it provides a strong foundation upon which we can add more
advanced functionality.

Completing this feature has taken more than a year of work. Janie
Richling (IBM) and Alistair Coles (HPE) have led the community in
designing, writing, and landing this feature in Swift.

Download the latest version of Swift today, and let us know how you
are using Swift. You can find us in #openstack-swift on freenode IRC.

--John
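
The key hierarchy described in the announcement, sketched as an added example; this is not Swift's code and not from the author of this message. Assumptions: the key encrypting key is derived with HMAC-SHA256 over the object path (the post only says "derived from"), an HMAC-SHA256 counter-mode keystream stands in for AES-256-CTR so the block runs on the standard library alone, and all function names, the dict layout and the sample paths are constructed.

```python
import hashlib
import hmac
import os

def derive_kek(master_key: bytes, path: str) -> bytes:
    # Assumption: HMAC-SHA256 over the object path; the post only says "derived from".
    return hmac.new(master_key, path.encode(), hashlib.sha256).digest()

def ctr_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in for AES-256-CTR: keystream block n = HMAC-SHA256(key, iv || n).
    # Like any CTR mode, the same call encrypts and decrypts.
    out = bytearray()
    for n, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, iv + n.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def encrypt_object(master_key: bytes, path: str, body: bytes) -> dict:
    dek = os.urandom(32)                      # unique random key per object
    body_iv, key_iv = os.urandom(16), os.urandom(16)
    kek = derive_kek(master_key, path)        # never stored; recomputed on the proxy
    # Everything returned here is what would land on the data drive.
    return {"body": ctr_xor(dek, body_iv, body), "body_iv": body_iv,
            "wrapped_dek": ctr_xor(kek, key_iv, dek), "key_iv": key_iv}

def decrypt_object(master_key: bytes, path: str, stored: dict) -> bytes:
    kek = derive_kek(master_key, path)
    dek = ctr_xor(kek, stored["key_iv"], stored["wrapped_dek"])
    return ctr_xor(dek, stored["body_iv"], stored["body"])

if __name__ == "__main__":
    master = os.urandom(32)                   # constructed; lives only on proxies
    path = "/AUTH_demo/photos/cat.jpg"        # constructed sample path
    stored = encrypt_object(master, path, b"constructed sample object body")
    print(decrypt_object(master, path, stored))
    # Wrong master key, or the same blob under another path: garbage, not an error.
    print(decrypt_object(os.urandom(32), path, stored))
    print(decrypt_object(master, "/AUTH_demo/photos/dog.jpg", stored))
```

CTR mode provides confidentiality only, so a wrong key or path yields unreadable bytes rather than a decryption failure.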


