[openstack-dev] Volume encryption
Bhandaru, Malini K
malini.k.bhandaru at intel.com
Thu Mar 28 17:58:35 UTC 2013
Paul,
I am guessing you are referring to volume encryption, because for plain object encryption OpenStack can be oblivious of any encryption; just put/get is adequate, with the user taking care of encryption/decryption.
The volume APIs could definitely take in an argument with the key-string, so during communications, whatever protocol is in effect, the key-string will be transmitted using SSL/TLS or IPSEC or in the clear.
Where we save <key-id> in the metadata for the volume, we could instead save a marker saying “EXTERNAL_KEY” or “USER_KEY” or something to that effect. It indicates the volume is encrypted, as opposed to plain text.
Regards
Malini
From: Paul Sarin-Pollet [mailto:psarpol at gmx.com]
Sent: Thursday, March 28, 2013 9:36 AM
To: OpenStack Development Mailing List
Subject: [openstack-dev] Volume encryption
Hi all,
Do you think it could be possible to add an option to let the user enter his own key?
The key would not be stored by the CSP and would be under the user's responsibility.
Thanks
Paul