Encryption of attached local volumes
NOTE: this blueprint is obsolete. The referenced local volumes code has not been accepted into OpenStack master.
This blueprint is an incremental feature to [https:/
Through an extension in the Nova API [1], local volumes can be created and attached to a virtual machine (VM). However, these volumes are currently not encrypted. This makes platforms hosting VMs with local volumes high-value targets, because an attacker who breaks into the platform can read the data of many different VMs. This type of data breach could be addressed with encryption.
The aim of this blueprint is to encrypt the VM's data before it is written to disk. The idea is similar to how self-encrypting drives work. Our goal is to present the VM with a normal block storage device, while encrypting the bytes in the virtualization host before they are written to the disk. For more information, see the referenced specification: [http://
[1] http://
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: APL Development team for OpenStack
- Direction: Needs approval
- Assignee: APL Development team for OpenStack
- Definition: Obsolete
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by:
- Completed by: Laura Glendenning