OpenStack Image Registry and Delivery Service (Glance)

Added Swift location security.

Registered by Stuart McLaren on 2011-10-18

When Swift is used as a backend store, a request to the registry may display the Swift user's credentials in plaintext. Change this so that the credentials are encrypted.

Blueprint information

Status: Complete
Approver: Jay Pipes
Priority: Medium
Drafter: Stuart McLaren
Direction: Approved
Assignee: Stuart McLaren
Definition: Approved
Series goal: Accepted for essex
Implementation: Implemented
Milestone target: 2012.1
Started by: Thierry Carrez on 2011-11-14
Completed by: Thierry Carrez on 2011-11-15

Whiteboard

One potential way to do this would be as follows:

1) introduce a new parameter in glance-api.conf

swift_encryption_secret

If present this would signal both that the 'swift_store_key' is
encrypted, and the specified swift_encryption_secret was used to perform
the encryption. The swift_encryption_secret would be an attribute of
the swift 'Store'.

If absent behaviour would be unchanged from what it is currently.

2) store the encrypted swift_store_key rather than the plaintext in the
location parameter

3) decrypt the key when needed using the swift_encryption_secret

Note that this change is not intended to make the configuration file
more secure, just the location parameter.

Potentially the entire location could be encrypted, alternatively the
user's credentials (username/password) could be padded to a
minimum length.

There are some corner cases at the moment where swift credentials
containing characters which are not 'URL safe', e.g. '/', ':', may not be
handled properly. I'm not intending to handle that here, but this feature
should be implemented not to introduce additional such corner cases if
possible.

The Python 'Crypto' library's AES function may be the way to go here -- note
that this would add an additional package dependency.

Some additional thoughts from Jay:

* Why just the Swift store? Any location field for any driver may contain sensitive information (creds, filepaths, etc). What about making the configuration file option just "location_encrypt_key" and encrypting ALL location URIs?

Gerrit topic: https://review.openstack.org/#q,topic:bp/swift-location-credentials,n,z

Addressed by: https://review.openstack.org/1189
    Adds option to encrypt 'location' metadata.
