OpenStack Shared File Systems Service (Manila)

share-encryption

Registered by kiran pawar on 2023-10-22

The Manila shares volumes for a virtual machine (VM) are currently not being encrypted. This makes the platforms hosting shares for VMs high value targets because an attacker can break into a share-hosting platform and read the data for many different VMs. Another issue is that the physical storage medium could be stolen, remounted, and accessed from a different machine. This blueprint addresses both of these vulnerabilities

The aim of this blueprint is to provide encryption of the share using vendor supported encryption methods. That is the data is being encrypted on backend storage.

Blueprint information

Status:: Started

Approver:: Goutham Pacha Ravi

Priority:: Medium

Drafter:: kiran pawar

Direction:: Approved

Assignee:: kiran pawar

Definition:: Approved

Series goal:: Accepted for dalmatian

Implementation:: Started

Milestone target:: dalmatian-rc1

Started by: Goutham Pacha Ravi on 2024-01-17

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:bp/share-encryption

Addressed by: https://review.opendev.org/c/openstack/manila-specs/+/898999
Add spec for share encryption

Addressed by: https://review.opendev.org/c/openstack/manila/+/909977
Add share type encryption

Addressed by: https://review.opendev.org/c/openstack/manila/+/911089
Use encryption key id during share create

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.