Comment 2 for bug 1137908
Revision history for this message
| Malini Bhandaru (malini-k-bhandaru) wrote | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Interesting use case for encryption and key manager.
Alternative 1 is the best, it supports a complete, self contained backup, with tamper-proof evidence.
The proposed Key manager in openstack could be used to hold all the public certificates for the various nodes in OpenStack.
But it could also be used to store a symmetric private key associated with the backup process which could be used to encrypt the meta-data and prevent tamper. The advantage of using the symmetric key is that should you clone the backup agent for high availability, they could still all use the same symmetric key. Should at some point we re-key, the original key would be "de-activated" and used only for decryption purposes (key manager API support for the same).