Ephemeral storage encryption for LVM backend
The proposed feature will provide data-at-rest security by encrypting all LVM-backed ephemeral storage devices attached to VM instances managed by libvirt. Integrating ephemeral storage encryption with a secure key manager (most likely Barbican) will protect VM data against:
* Rogue cloud administrators
* Incomplete data erasure
* Improper storage medium disposal
* Storage medium theft
Blueprint information
- Status: Complete
- Approver: John Garbutt
- Priority: Low
- Drafter: Dan Genin
- Direction: Needs approval
- Assignee: Dan Genin
- Definition: Pending Approval
- Series goal: Accepted for trunk
- Implementation: Implemented
- Milestone target: None
- Started by: John Garbutt
- Completed by: Dan Genin
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add LVM ephemeral storage encryption specification
The spec is not approved, moving out of Juno-1. Also no code is up for review, so moving from NeedsCodeReview to NotStarted. --johnthetubaguy (3rd June 2014)
Gerrit topic: https:/
Addressed by: https:/
Adds ephemeral storage encryption for LVM back-end images
Addressed by: https:/
Adds barbican keymgr wrapper
Has a +2, so leaving in juno for now, but depends on the barbican blueprint --johnthetubaguy 2nd September 2014
Sorry, this has not yet been approved, so this will have to wait until kilo. Please contact me on IRC, or via email, for more details. Thank you. --johnthetubaguy 3rd September 2014
FFE granted. --johnthetubaguy 8th September 2014
Removed dependency, as this has been dropped now.
Sorry, FFE has now expired, this needs to have a spec merged in kilo, before getting merged. Please contact me for more details. --johnthetubaguy 16th September 2014