KMIP Client for volume encryption key management
The volume encryption blueprint and specification describe a key manager interface that allows different types of key managers to be used. This blueprint proposes to use the defined key management interface to communicate with a key manager that supports the OASIS Key Management Interoperability Protocol (KMIP). Any KMIP Key Manager that supports the defined interfaces will be able to manage the encryption keys used in the volume encryption feature. This approach of adding a KMIP client to OpenStack provides a secure key management option for the volume encryption keys while also allowing OpenStack integration into KMIP compliant enterprise key management systems which are already managing keys for other systems and applications.
Blueprint information
- Status:
- Complete
- Approver:
- Russell Bryant
- Priority:
- Undefined
- Drafter:
- Bill Becker
- Direction:
- Needs approval
- Assignee:
- Catherine Ying
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
- Bill Becker
Related branches
Related bugs
Sprints
Whiteboard
Removed from next, as next is now reserved for near misses from the last milestone --johnthetubagu
If you are still working on this, please re-submit via nova-specs. If not, please mark as obsolete, and add a quick comment to describe why. --johnthetubaguy (20th April 2014)
Marked as Obsolete. Community seems to be consolidating around barbican for key management services, so we are no longing working on this blueprint. --Bill (20 March 2014)
Work Items
Dependency tree
* Blueprints in grey have been implemented.