Hi everyone:

I've been digging around the documentation of Nova, Cinder and the encrypted disks feature and I've been a bit stumped on something which I think is a very relevant use case that might not be possible (or it is and I have totally missed it!).

It seems that both Cinder and Nova assume that secrets are always stored within the Barbican deployment in the same cloud. This makes a lot of sense; however, in scenarios where the consumer of an OpenStack cloud wants to operate it without trusting the cloud, they won't be able to have encrypted volumes that make sense. An example:

- Create encrypted volume, keys are stored in Barbican
- Boot VM using said encrypted volume, Nova pulls keys from Barbican, starts VM.

However, this means that the deployer can at any time pull down the keys and decrypt things locally to do $bad_things.

However, if we had something like any of the following two ideas:

- Allow for "run-time" providing secret on boot (maybe something added to the start/boot VM API?)
- Allow for pointing towards an external instance of Barbican

By using those 2, we allow OpenStack users to operate their VMs securely and allow them to have control over their keys. If they want to revoke all access, they can shut down all the VMs and cut access to their key storage management and not worry about someone just pulling them down from the internal Barbican.

Hopefully I did a good job explaining this use case and I'm just wondering if this is a thing that's possible at the moment or if we perhaps need to look into it.

Thanks,
Mohammed

--
Mohammed Naser — vexxhost
D. 514-316-8872
D. 800-910-1726 ext. 200
E. mna...@vexxhost.com
W. http://vexxhost.com

OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev