Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-10-15 Thread Matthew Oliver
Just an FYI, it doesn't solve cached images, but Swift does support at rest encryption, so if using the Swift store backend you can at least know your image on disk on the storage nodes would be safe. We still need to add more functionality like key rotation, but we do integrate with KMIP services

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-10-15 Thread Josephine Seifert
Hello OpenStack developers, we have made an etherpad as there were a few questions concerning the library we want to use for the encryption and decryption method: https://etherpad.openstack.org/p/library-for-image-encryption-and-decryption On 11.10.2018 at 15:10, Josephine Seifert wrote: > Am

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-10-11 Thread Josephine Seifert
On 08.10.2018 at 17:16, Markus Hentsch wrote: > Dear OpenStack developers, > > as you suggested, we have written individual specs for Nova [1] and > Cinder [2] so far and will write another spec for Glance soon. We'd > appreciate any feedback and reviews on the specs :) > > Thank you in advance,

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-10-08 Thread Markus Hentsch
Dear OpenStack developers, as you suggested, we have written individual specs for Nova [1] and Cinder [2] so far and will write another spec for Glance soon. We'd appreciate any feedback and reviews on the specs :) Thank you in advance, Markus Hentsch [1]

[openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-10-03 Thread Markus Hentsch
Hello Eric, Eric Harney wrote: > > Are you aware of the existing Cinder support for similar functionality? > > When encrypted volumes are uploaded to Glance images from Cinder, > encryption keys are cloned in Barbican and tied to Glance images as > metadata.  Then, volumes created from those

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-10-03 Thread Eric Harney
On 9/27/18 1:36 PM, Markus Hentsch wrote: Dear OpenStack developers, we would like to propose the introduction of an encrypted image format in OpenStack. We already created a basic implementation involving Nova, Cinder, OSC and Glance, which we'd like to contribute. We originally created a

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-09-28 Thread Julia Kreger
On Fri, Sep 28, 2018 at 5:00 AM Jeremy Stanley wrote: > > If memory serves, the biggest challenge around that solution was > determining who approves such proposals since they still need > per-project specs for the project-specific details anyway. Perhaps > someone who has recently worked on a

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-09-28 Thread Josephine Seifert
Hi, On 28.09.2018 at 13:51, Erlon Cruz wrote: > I don't know if our workflow supports this, but it would be nice to > have a place to > place cross-project changes like that (something like, > openstack-cross-projects-specs), > and use that as an initial point for high level discussions. But for

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-09-28 Thread Markus Hentsch
Hello Julia, we will begin formulating an individual spec for each project accordingly. Regarding your question: as you already assumed correctly, the code necessary to handle image decryption is driver specific in our current design as it is very close to the point where the ephemeral storage

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-09-28 Thread Jeremy Stanley
On 2018-09-28 08:51:46 -0300 (-0300), Erlon Cruz wrote: > I don't know if our workflow supports this, but it would be nice > to have a place to place cross-project changes like that (something > like, openstack-cross-projects-specs), and use that as an initial > point for high level discussions. But

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-09-28 Thread Erlon Cruz
I don't know if our workflow supports this, but it would be nice to have a place to place cross-project changes like that (something like, openstack-cross-projects-specs), and use that as an initial point for high level discussions. But for now, you can start creating specs for the projects

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-09-27 Thread hao wang
+1 to Julia's suggestion, Cinder should also have a spec to discuss the detail about how to implement the creation of volume from an encrypted image. On Fri, Sep 28, 2018 at 9:39 AM, Julia Kreger wrote: > > Greetings! > > I suspect the avenue of at least three different specs is likely going > to be the best

Re: [openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-09-27 Thread Julia Kreger
Greetings! I suspect the avenue of at least three different specs is likely going to be the best path forward and likely what will be required for each project to fully understand how/what/why. From my point of view, I'm quite interested in this from a Nova point of view because that is the

[openstack-dev] [nova][cinder][glance][osc][sdk] Image Encryption for OpenStack (proposal)

2018-09-27 Thread Markus Hentsch
Dear OpenStack developers, we would like to propose the introduction of an encrypted image format in OpenStack. We already created a basic implementation involving Nova, Cinder, OSC and Glance, which we'd like to contribute. We originally created a full spec document but since the official