[openstack-dev] [nova] key management and Cinder volume encryption
Caitlin Bestler
caitlin.bestler at nexenta.com
Wed Sep 4 19:53:15 UTC 2013
On September 4, 2013 12:28:19 PM "Coffman, Joel M."
<Joel.Coffman at jhuapl.edu> wrote:
> The following change provides a key manager implementation that reads a
> static key from the project's configuration:
> https://review.openstack.org/#/c/45103/
>
> This key manager implementation naturally does not provide the same
> confidentiality that would be proffered by retrieving keys from a service
> like Barbican or a KMIP server, but it still provides protection against
> certain attacks like intercepting iSCSI traffic between the compute and
> storage host and lost / stolen disks.
>
>
I know this is meant as a minimalistic stub, but even so, shouldn't it be
able to have at least a prior and current key?
How do you test a key management interface without changing keys?
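
Added example, not part of the original message or of the change under review: a sketch of the "prior and current key" idea raised above, so that a rotation can actually be exercised in a test. The class name, method names and the fingerprint scheme are hypothetical, and the keys are constructed sample values.

```python
import hashlib
import hmac


def fingerprint(key):
    """Non-secret identifier stored with the volume so its key can be found later."""
    return hmac.new(key, b"key-fingerprint", hashlib.sha256).hexdigest()[:16]


class TwoSlotKeyManager:
    """Hypothetical config-backed key manager holding a current and a prior key."""

    def __init__(self, current_hex, prior_hex=None):
        self.current = bytes.fromhex(current_hex)
        self.prior = bytes.fromhex(prior_hex) if prior_hex else None

    def key_for_new_volume(self):
        # New volumes are always bound to the current key.
        return fingerprint(self.current), self.current

    def get_key(self, key_id):
        # Existing volumes present the fingerprint recorded at creation time.
        for key in (self.current, self.prior):
            if key is not None and hmac.compare_digest(fingerprint(key), key_id):
                return key
        raise KeyError("no configured key matches " + key_id)

    def rotate(self, new_hex):
        # The current key becomes the prior key; the old prior key is dropped.
        self.prior, self.current = self.current, bytes.fromhex(new_hex)


def rotation_scenario():
    # Constructed sample keys (32 bytes each), not real secrets.
    km = TwoSlotKeyManager("00" * 32)
    vol_a_id, vol_a_key = km.key_for_new_volume()
    km.rotate("11" * 32)
    vol_b_id, vol_b_key = km.key_for_new_volume()
    a_after_one = km.get_key(vol_a_id) == vol_a_key
    km.rotate("22" * 32)
    try:
        km.get_key(vol_a_id)
        a_after_two = True
    except KeyError:
        a_after_two = False  # key is two rotations old and no longer configured
    return {"a_after_one": a_after_one, "a_after_two": a_after_two,
            "b_after_two": km.get_key(vol_b_id) == vol_b_key,
            "distinct_ids": vol_a_id != vol_b_id}
```

With only two slots, a volume whose key is two rotations old can no longer be opened, so such volumes have to be re-keyed before the second rotation.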