[openstack-dev] Volume encryption

Bhandaru, Malini K malini.k.bhandaru at intel.com
Thu Mar 28 17:58:35 UTC 2013


Paul,

I am guessing you are referring to volume encryption, because for plain object encryption OpenStack can be oblivious of any encryption; just put/get is adequate, with the user taking care of encryption/decryption.

The volume APIs could definitely take in an argument with the key-string, so during communications, whatever protocol is in effect, the key-string will be transmitted using SSL/TLS or IPSEC or in the clear.
Where we save <key-id> in the metadata for the volume we could instead save a marker saying “EXTERNAL_KEY” or “USER_KEY” or something to that effect. It indicates the volume is encrypted, as opposed to plain text.

Regards
Malini

From: Paul Sarin-Pollet [mailto:psarpol at gmx.com]
Sent: Thursday, March 28, 2013 9:36 AM
To: OpenStack Development Mailing List
Subject: [openstack-dev] Volume encryption

Hi all,

Do you think it could be possible to add an option to let the user enter his own key?
The key would not be stored by the CSP and would be under the user's responsibility.

Thanks

Paul
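
Added example, not part of the original thread and not OpenStack code: a sketch of how an attach request could pick its key from the volume metadata, using either a stored <key-id> or the "USER_KEY" marker proposed above. The function name, the "encryption_key" metadata field, the dict standing in for a key manager, and the policy of refusing a key sent in the clear are all assumptions.

```python
from typing import Dict, Optional

USER_KEY_MARKER = "USER_KEY"          # marker from the thread, stored instead of a <key-id>
SECURE_TRANSPORTS = {"tls", "ipsec"}  # assumption: key material sent in the clear is refused


class KeyResolutionError(Exception):
    """Raised when no usable key can be obtained for an attach request."""


def resolve_volume_key(metadata: Dict[str, str],
                       key_store: Dict[str, bytes],
                       user_key: Optional[bytes] = None,
                       transport: str = "tls") -> Optional[bytes]:
    """Return the key for an attach request, or None for a plain-text volume.

    metadata  -- volume metadata; hypothetical 'encryption_key' field holds a
                 key id, the USER_KEY marker, or is absent
    key_store -- stand-in for the provider's key manager (key id -> key bytes)
    user_key  -- key-string passed in the API call, if any
    transport -- how the request arrived: 'tls', 'ipsec' or 'clear'
    """
    ref = metadata.get("encryption_key")
    if ref is None:
        if user_key is not None:
            raise KeyResolutionError("key supplied for an unencrypted volume")
        return None
    if ref == USER_KEY_MARKER:
        if user_key is None:
            raise KeyResolutionError("volume needs a user-supplied key")
        if transport not in SECURE_TRANSPORTS:
            raise KeyResolutionError("refusing key sent over cleartext transport")
        return user_key  # used for this attach only; never written to key_store
    if user_key is not None:
        raise KeyResolutionError("volume uses a provider-managed key")
    try:
        return key_store[ref]
    except KeyError:
        raise KeyResolutionError("unknown key id %r" % ref) from None


# Constructed sample data (not real keys or volume records)
KEY_STORE = {"key-1234": b"\x01" * 32}
MANAGED = {"encryption_key": "key-1234"}
EXTERNAL = {"encryption_key": USER_KEY_MARKER}
PLAIN: Dict[str, str] = {}
```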