Re: [openstack-dev] [nova][cinder][barbican] Why is Cinder creating symmetric keys in Barbican for use with encrypted volumes?

On 31-05-17 20:06:01, Farr, Kaitlin M. wrote: >> IMHO for now we are better off storing a secret passphrase in Barbican >> for use with these encrypted volumes, would there be any objections to >> this? Are there actual plans to use a symmetric key stored in Barbican >> to directly encrypt and

Re: [openstack-dev] [nova][cinder][barbican] Why is Cinder creating symmetric keys in Barbican for use with encrypted volumes?

Lee, a few thoughts on your previous email. Many of the details I think you already know, but I'm clarifying for posterity's sake: > However the only supported disk encryption formats on the front-end at > present are plain (dm-crypt) and LUKS, neither of which use the supplied > key

Re: [openstack-dev] [nova][cinder][barbican] Why is Cinder creating symmetric keys in Barbican for use with encrypted volumes?

On 26-05-17 17:25:15, Duncan Thomas wrote: > On 25 May 2017 12:33 pm, "Lee Yarwood" wrote: > > On 25-05-17 11:38:44, Duncan Thomas wrote: > > On 25 May 2017 at 11:00, Lee Yarwood wrote: > > > This has also reminded me that the plain (dm-crypt) format

Re: [openstack-dev] [nova][cinder][barbican] Why is Cinder creating symmetric keys in Barbican for use with encrypted volumes?

On 25 May 2017 12:33 pm, "Lee Yarwood" wrote: On 25-05-17 11:38:44, Duncan Thomas wrote: > On 25 May 2017 at 11:00, Lee Yarwood wrote: > > This has also reminded me that the plain (dm-crypt) format really needs > > to be deprecated this cycle. I posted

Re: [openstack-dev] [nova][cinder][barbican] Why is Cinder creating symmetric keys in Barbican for use with encrypted volumes?

On 25-05-17 11:00:26, Lee Yarwood wrote: > Hello all, > > I'm currently working on enabling QEMU's native LUKS support within Nova > [1]. While testing this work with Barbican I noticed that Cinder is > creating symmetric keys for use with encrypted volumes : > >

Re: [openstack-dev] [nova][cinder][barbican] Why is Cinder creating symmetric keys in Barbican for use with encrypted volumes?

On 25-05-17 11:38:44, Duncan Thomas wrote: > On 25 May 2017 at 11:00, Lee Yarwood wrote: > > This has also reminded me that the plain (dm-crypt) format really needs > > to be deprecated this cycle. I posted to the dev and ops ML [2] last > > year about this but received no

Re: [openstack-dev] [nova][cinder][barbican] Why is Cinder creating symmetric keys in Barbican for use with encrypted volumes?

On Thu, May 25, 2017 at 11:38:44AM +0100, Duncan Thomas wrote: > On 25 May 2017 at 11:00, Lee Yarwood wrote: > > This has also reminded me that the plain (dm-crypt) format really needs > > to be deprecated this cycle. I posted to the dev and ops ML [2] last > > year about

Re: [openstack-dev] [nova][cinder][barbican] Why is Cinder creating symmetric keys in Barbican for use with encrypted volumes?

On 25 May 2017 at 11:00, Lee Yarwood wrote: > This has also reminded me that the plain (dm-crypt) format really needs > to be deprecated this cycle. I posted to the dev and ops ML [2] last > year about this but received no feedback. Assuming there are no last > minute

[openstack-dev] [nova][cinder][barbican] Why is Cinder creating symmetric keys in Barbican for use with encrypted volumes?

Hello all, I'm currently working on enabling QEMU's native LUKS support within Nova [1]. While testing this work with Barbican I noticed that Cinder is creating symmetric keys for use with encrypted volumes :