Image Encryption

Registered by Josephine Seifert

OpenStack already has the ability to create encrypted volumes and ephemeral
storage to ensure the confidentiality of block data. In contrast,
Glance images are currently handled without any confidentiality protection; only
their integrity can be ensured, using image signatures. For
further protection of user data - e.g. when a user uploads an image containing
private data or confidential information - the image data should not be
accessible to unauthorized entities. For this purpose, an encrypted image
format is to be introduced in OpenStack.
Consequently, several adjustments to support image encryption/decryption in
various projects, e.g. Nova, Glance and Cinder, need to be implemented.

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: Josephine Seifert
Direction: Needs approval
Assignee: Josephine Seifert
Definition: Obsolete
Series goal: None
Implementation: Unknown
Milestone target: None
Completed by: Eric Fried

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:608696

Addressed by: https://review.opendev.org/608696
    Spec for the Nova part of Image Encryption

[efried 20190703] NB: owned by the image encryption popup team: https://governance.openstack.org/tc/reference/popup-teams.html#image-encryption

Gerrit topic: https://review.opendev.org/#/q/topic:bp/image-encryption

Deferring this out of Train since it wasn't approved and we're about 2 weeks from feature freeze. -- mriedem 20190829

[efried 20191209]: Marking obsolete as the nova spec has been abandoned. See the spec patch for details https://review.opendev.org/608696
