> About uploading encrypted volumes to image, there are three options: > 1. Glance only keeps non-encrypted images. So when uploading encrypted > volumes to image, cinder de-crypts the data and upload. > 2. Glance maintain encrypted images. Cinder just upload the encrypted > data to image. > 3. Just prevent the function to upload encrypted volumes to images. > > Option 1 No changes needed in Glance. But it may be not safe. As we decrypt > the data, and upload it to images. > Option 2 This imports encryption to Glance which needs to manage the > encryption metadata. > > Please add more if you have other suggestions. How do you think which one is > preferred. Well, IMO only option 1 is useful.
Option 2 means that the original volume, the image, and all derived volumes will share the same key, right? That's not good. (Originally: "unacceptable") __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev