share-encryption
The Manila shares volumes for a virtual machine (VM) are currently not being encrypted. This makes the platforms hosting shares for VMs high value targets because an attacker can break into a share-hosting platform and read the data for many different VMs. Another issue is that the physical storage medium could be stolen, remounted, and accessed from a different machine. This blueprint addresses both of these vulnerabilities
The aim of this blueprint is to provide encryption of the share using vendor supported encryption methods. That is the data is being encrypted on backend storage.
Blueprint information
- Status:
- Started
- Approver:
- Goutham Pacha Ravi
- Priority:
- Medium
- Drafter:
- kiran pawar
- Direction:
- Approved
- Assignee:
- kiran pawar
- Definition:
- Approved
- Series goal:
- Accepted for dalmatian
- Implementation:
-
Started
- Milestone target:
-
dalmatian-rc1
- Started by
- Goutham Pacha Ravi
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add spec for share encryption
Addressed by: https:/
Add share type encryption
Addressed by: https:/
Use encryption key id during share create