Image Encryption
OpenStack can already create encrypted volumes and ephemeral storage to
ensure the confidentiality of block data. In contrast, Glance images are
currently handled without any confidentiality protection; only their
integrity can be ensured, using image signatures. To further protect user
data - e.g. when a user uploads an image containing private data or
confidential information - the image data should not be accessible to
unauthorized entities. For this purpose, an encrypted image format is to be
introduced in OpenStack.
In conclusion, several adjustments to support image encryption/
various projects, e.g. Nova, Glance and Cinder, need to be implemented.
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: Josephine Seifert
- Direction: Needs approval
- Assignee: Josephine Seifert
- Definition: Obsolete
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by
- Completed by: Eric Fried
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Spec for the Nova part of Image Encryption
[efried 20190703] NB: owned by the image encryption popup team: https:/
Gerrit topic: https:/
Deferring this out of Train since it wasn't approved and we're about 2 weeks from feature freeze. -- mriedem 20190829
[efried 20191209]: Marking obsolete as the nova spec has been abandoned. See the spec patch for details https:/