Specify Data Secure Deletion

Registered by wanghao on 2020-10-24

Currently, when Cinder deletes resources such as volumes, snapshots, and backups, the user cannot specify how the data stored in those backends should be handled. Although the 'volume_clear' and 'volume_clear_size' configuration options exist, there is still no mechanism that lets users specify, through the Cinder API, whether and how their own data should be securely deleted. This feature will introduce support for secure deletion of volumes, snapshots and backups. It will enhance the security of the open infrastructure cloud platform.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
wanghao
Direction:
Needs approval
Assignee:
wanghao
Definition:
Obsolete
Series goal:
Declined for wallaby
Implementation:
Unknown
Milestone target:
None
Completed by
Brian Rosmaita

Related branches

Sprints

Whiteboard

This was discussed during the Wallaby PTG [1] and this blueprint has been rejected because Cinder drivers should already be secure enough to prevent data leakage from deleted volumes into newly created volumes.

For those concerned with someone stealing the physical disks, we recommend using encrypted volumes.

The documentation has been improved to help clarify these security concerns [2].

[1]: https://wiki.openstack.org/wiki/CinderWallabyPTGSummary#Two_proposed_specs_on_the_same_topic_.28mutually_assured_destruction.29
[2]: https://review.opendev.org/#/c/761535/

Gerrit topic: https://review.opendev.org/#/q/topic:specify-data-secure-deletion

Addressed by: https://review.opendev.org/759553
    Specify data secure deletion in Cinder

Gerrit topic: https://review.opendev.org/#/q/topic:doc-delete-security

Addressed by: https://review.opendev.org/761535
    Add explanations on safe delete

Work Items

Subscribers

No subscribers.