[openstack-dev] key manager proposal

Caitlin Bestler Caitlin.Bestler at nexenta.com
Thu Mar 7 18:37:19 UTC 2013


Excellent proposal.

One item not covered yet is the possibility of running a key scope that is a collection
of encrypted items: for example the set of volumes and snapshots that are derived from
one master.

A snapshot that used the same key-id as the volume it was a snapshot of would not
require any copying of content to take the snapshot. Similarly, if a new volume was
cloned from the snapshot (especially if the volume storage system supported thin
encoding).

Swift partitions could also use the same key-id on every Swift Object Server,
allowing rsync replication without needing to re-key/re-encrypt/whatever.

The critical idea here is that the scope of a key should be motivated by the need
for efficient replication, snapshotting and cloning.
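
The trade-off raised in this message, as an added example that is not part of the original post or of any OpenStack code: a snapshot or replica that shares the volume's key-id reuses ciphertext as-is, while one with its own key forces every block to be re-encrypted or re-sent. The `KeyManager` class, the key-id names and the HMAC keystream (a stand-in for a deterministic disk cipher such as AES-XTS) are assumptions made for illustration.

```python
import hashlib, hmac, os

BLOCK = 32  # bytes per block (one HMAC-SHA256 output)

class KeyManager:
    # Hypothetical key manager: one key per key-id (scope).
    def __init__(self):
        self._keys = {}
    def create(self, key_id):
        self._keys[key_id] = os.urandom(32)
        return key_id
    def get(self, key_id):
        return self._keys[key_id]

def crypt_block(key, index, data):
    # Stand-in for a tweakable disk cipher: deterministic per (key, block index).
    # XOR keystream, so the same call encrypts and decrypts. Illustration only.
    stream = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def crypt(key, blocks):
    return [crypt_block(key, i, b) for i, b in enumerate(blocks)]

def snapshot(km, volume, share_key):
    """Return (snapshot, number of blocks that had to be re-encrypted)."""
    if share_key:
        # Same key-id: the snapshot references the volume's ciphertext as-is.
        return {"key_id": volume["key_id"], "blocks": volume["blocks"]}, 0
    new_id = km.create(volume["key_id"] + "-snap")
    plain = crypt(km.get(volume["key_id"]), volume["blocks"])
    return {"key_id": new_id, "blocks": crypt(km.get(new_id), plain)}, len(plain)

def blocks_to_send(src, dst):
    # rsync-style delta: only blocks whose ciphertext differs are transferred.
    return sum(a != b for a, b in zip(src, dst))

def demo():
    km = KeyManager()
    plain = [bytes([i]) * BLOCK for i in range(4)]  # constructed sample data
    vol = {"key_id": km.create("lineage-1")}
    vol["blocks"] = crypt(km.get(vol["key_id"]), plain)
    shared, n_shared = snapshot(km, vol, share_key=True)
    _, n_rekeyed = snapshot(km, vol, share_key=False)
    # Two object servers holding the same partition: shared key-id vs. own key.
    replica_same = crypt(km.get("lineage-1"), plain)
    replica_own = crypt(km.get(km.create("server-b")), plain)
    return {"shared_copied": n_shared, "rekeyed_copied": n_rekeyed,
            "shared_ok": crypt(km.get(shared["key_id"]), shared["blocks"]) == plain,
            "delta_same_key": blocks_to_send(vol["blocks"], replica_same),
            "delta_own_key": blocks_to_send(vol["blocks"], replica_own)}
```

Sharing works here because the ciphertext is deterministic under one key; the same property means every volume, snapshot and replica in the scope depends on that single key.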
