2024-01-24 10:55:23 |
NotTheEvilOne |
description |
Cinder currently lacks API support to create a volume with a predefined (e.g. already stored in Barbican) encryption key. This feature would be useful for use cases where end-users should be enabled to store keys that are later used to encrypt volumes.
Workflow would be as follows:
1. End user creates a new key and stores it in OpenStack Barbican
2. User requests a new volume with volume type "LUKS" and gives an "encryption_reference_key_id" (or just "key_id").
3. Internally the key is copied (like in volume_utils.clone_encryption_key_()) and a new "encryption_key_id". |
Description
===========
Cinder currently lacks API support to create a volume with a predefined (e.g. already stored in Barbican) encryption key. This feature would be useful for use cases where end-users should be enabled to store keys that are later used to encrypt volumes.
Workflow would be as follows:
1. End user creates a new key and stores it in OpenStack Barbican
2. User requests a new volume with volume type "LUKS" and gives an "encryption_reference_key_id" (or just "key_id").
3. Internally the key is copied (like in volume_utils.clone_encryption_key_()) and a new "encryption_key_id". |
|