Has there been any previous discussion on providing a mechanism for transferring ownership of a secret from one user to another?
Cinder supports the notion of transferring volume ownership to another user, who may be in another tenant/project. However, if the volume is encrypted it's possible (even likely) that the new owner will not be able to access the encryption secret. The new user will have the encryption key ID (secret ref), but may not have permission to access the secret, let alone delete the secret should the volume be deleted later. This issue is currently flagged as a cinder bug [1]. This is a use case where the ownership of the encryption secret should be transferred to the new volume owner. Alan [1] https://bugs.launchpad.net/cinder/+bug/1735285 __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
