Cinder creating and associating symmetric keys with encrypted volumes when used with Barbican

Bug #1693840 reported by Lee Yarwood
Affects: Cinder
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Description
===========

Cinder is creating and associating symmetric keys with encrypted volumes when used with Barbican. As discussed on the dev ML [1], these symmetric keys are not used to directly encrypt or decrypt these volumes within Cinder or Nova (via os-brick).

It would be less confusing to users and operators if passphrases were instead stored in Barbican and associated with these encrypted volumes. While Barbican does currently allow for secret passphrases to be stored, the associated key manager interface provided by Castellan and used by Cinder and Nova does not. This will need to be extended before any changes can be made to Cinder.

[1] http://lists.openstack.org/pipermail/openstack-dev/2017-May/117467.html

Lee Yarwood (lyarwood)
summary: - Cinder is creating and associating symmetric keys with encrypted volumes
+ Cinder creating and associating symmetric keys with encrypted volumes
when used with Barbican
Kaitlin Farr (kaitlin-farr) wrote :

Castellan does allow for passphrases to be stored.

https://github.com/openstack/castellan/blob/master/castellan/common/objects/passphrase.py

You would need to create a Passphrase object and use the key_manager.store() command to store it. However, you'd need to either get the user to input the passphrase or randomly generate the bytes somewhere. Generating symmetric/asymmetric keys is a standard key manager feature, but generating passphrases is not.
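
The approach described in the comment above, sketched as an added example (not code from Cinder, Nova or Castellan): random bytes are generated locally, wrapped in a Castellan `Passphrase` object and handed to `key_manager.store()`. The helper names, the 32-byte default, the hex encoding and the secret naming scheme are assumptions for illustration; the store path needs Castellan installed and a configured backend.

```python
import secrets


def generate_passphrase(num_bytes: int = 32) -> bytes:
    """Return num_bytes of CSPRNG output, hex-encoded to printable ASCII bytes."""
    # Lower bound is an assumption of this example: refuse weak passphrases.
    if num_bytes < 16:
        raise ValueError("refusing to generate fewer than 16 random bytes")
    # secrets draws from the OS CSPRNG; hex keeps the passphrase printable.
    return secrets.token_hex(num_bytes).encode("ascii")


def store_volume_passphrase(key_mgr, context, volume_id, num_bytes=32):
    """Generate a passphrase, store it via the key manager, return the secret ID.

    key_mgr is a Castellan key manager (for example castellan.key_manager.API());
    context is the caller's request context carrying the user's credentials.
    """
    # Imported here so generate_passphrase() stays usable without Castellan.
    from castellan.common.objects import passphrase as castellan_passphrase

    secret = castellan_passphrase.Passphrase(
        generate_passphrase(num_bytes),
        name=f"volume-{volume_id}-passphrase",  # naming scheme is an assumption
    )
    # store() returns the ID of the stored secret; the passphrase itself
    # is not kept by the caller after this point.
    return key_mgr.store(context, secret)
```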
