share-encryption
The Manila shares volumes for a virtual machine (VM) are currently not being encrypted. This makes the platforms hosting shares for VMs high value targets because an attacker can break into a share-hosting platform and read the data for many different VMs. Another issue is that the physical storage medium could be stolen, remounted, and accessed from a different machine. This blueprint addresses both of these vulnerabilities
The aim of this blueprint is to provide encryption of the share using vendor supported encryption methods. That is the data is being encrypted on backend storage.
Blueprint information
- Status:
- Started
- Approver:
- Goutham Pacha Ravi
- Priority:
- Medium
- Drafter:
- kiran pawar
- Direction:
- Approved
- Assignee:
- kiran pawar
- Definition:
- Approved
- Series goal:
- Accepted for flamingo
- Implementation:
-
Started
- Milestone target:
-
dalmatian-rc1
- Started by
- Goutham Pacha Ravi
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add spec for share encryption
Addressed by: https:/
Add share type encryption
Addressed by: https:/
Use encryption key id during share create
Gerrit topic: https:/
Addressed by: https:/
Update spec for share encryption
Addressed by: https:/
[NetApp] Barbican share-server/share encryption support
Addressed by: https:/
Use encryption key ref during share create
Addressed by: https:/
Add tests for encryption_key_ref
Addressed by: https:/
Add barbican to dummy driver job
Addressed by: https:/
Add barbican set up to devstack
Addressed by: https:/
Refactor key manager code
Addressed by: https:/
Add missing auth plugin options in [barbican] section
Addressed by: https:/
Support region_name for identity API access
