Ephemeral storage encryption for LVM backend

Registered by Dan Genin on 2014-04-22

The proposed feature will provide data-at-rest security by encrypting all LVM backed ephemeral storage devices attached to VM instances managed by libvirt. By integrating ephemeral storage encryption with a secure key manager (most likely Barbican) VM data will be protected against

* Rogue cloud administrators
* Incomplete data erasure
* Improper storage medium disposal
* Storage medium theft

Blueprint information

Status:
Complete
Approver:
John Garbutt
Priority:
Low
Drafter:
Dan Genin
Direction:
Needs approval
Assignee:
Dan Genin
Definition:
Pending Approval
Series goal:
Accepted for trunk
Implementation:
Implemented
Milestone target:
None
Started by
John Garbutt on 2014-09-16
Completed by
Dan Genin on 2014-09-19

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:lvm-ephemeral-storage-encryption,n,z

Addressed by: https://review.openstack.org/94370
    Add LVM ephemeral storage encryption specification

The spec is not approved, moving out of Juno-1. Also no code is up for review, so moving from NeedsCodeReview to NotStarted. --johnthetubaguy (3rd June 2014)

Gerrit topic: https://review.openstack.org/#q,topic:bp/lvm-ephemeral-storage-encryption,n,z

Addressed by: https://review.openstack.org/40467
    Adds ephemeral storage encryption for LVM back-end images

Addressed by: https://review.openstack.org/104001
    Adds barbican keymgr wrapper

Has a +2, so leaving in juno for now, but depends on the barbican blueprint --johnthetubaguy 2nd September 2014

Sorry, this has not yet been approved, so this will have to wait until kilo. Please contact me on IRC, or via email, for more details. Thank you. --johnthetubaguy 3rd September 2014

FFE granted. --johnthetubaguy 8th September 2014

Removed dependency, as this has been dropped now.

Sorry, FFE has now expired, this needs to have a spec merged in kilo, before getting merged. Please contact me for more details. --johnthetubaguy 16th September 2014

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.