yahoo-eng-team team mailing list archive

[Bug 2051108] [NEW] Support for the "bring your own keys" approach for Cinder

Public bug reported:

Description
===========
Cinder currently lacks API support for creating a volume with a predefined (e.g. already stored in Barbican) encryption key. This feature would be useful for use cases where end users should be able to store the keys that are later used to encrypt volumes.

The workflow would be as follows:
1. End user creates a new key and stores it in OpenStack Barbican
2. User requests a new volume with volume type "LUKS" and gives an "encryption_reference_key_id" (or just "key_id").
3. Internally the key is copied (like in volume_utils.clone_encryption_key_()) and a new "encryption_key_id".

** Affects: nova
     Importance: Undecided
         Status: New

** Description changed:

- Cinder currently lags support the API to create a volume with a
- predefined (e.g. already stored in Barbican) encryption key. This
- feature would be useful for use cases where end-users should be enabled
- to store keys later on used to encrypt volumes.
+ Description
+ ===========
+ Cinder currently lags support the API to create a volume with a predefined (e.g. already stored in Barbican) encryption key. This feature would be useful for use cases where end-users should be enabled to store keys later on used to encrypt volumes.
  
  Work flow would be as follow:
  1. End user creates a new key and stores it in OpenStack Barbican
  2. User requests a new volume with volume type "LUKS" and gives an "encryption_reference_key_id" (or just "key_id").
  3. Internally the key is copied (like in volume_utils.clone_encryption_key_()) and a new "encryption_key_id".

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2051108

Title:
  Support for the "bring your own keys" approach for Cinder

Status in OpenStack Compute (nova):
  New

Bug description:
  Description
  ===========
  Cinder currently lacks API support for creating a volume with a predefined (e.g. already stored in Barbican) encryption key. This feature would be useful for use cases where end users should be able to store the keys that are later used to encrypt volumes.

  The workflow would be as follows:
  1. End user creates a new key and stores it in OpenStack Barbican
  2. User requests a new volume with volume type "LUKS" and gives an "encryption_reference_key_id" (or just "key_id").
  3. Internally the key is copied (like in volume_utils.clone_encryption_key_()) and a new "encryption_key_id".

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2051108/+subscriptions
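
The three-step workflow from the bug description, sketched as an added example that is not part of the original report and is not Cinder or Barbican code. InMemoryKeyManager, Secret, create_volume_with_user_key and the accepted key sizes are hypothetical stand-ins; the sketch shows the checks a service would want before copying a user-supplied key (caller owns the key, key properties fit the volume type) and that the copy keeps the volume's key independent of the reference key.

```python
import secrets
import uuid
from dataclasses import dataclass, replace
ALLOWED_BITS = {256, 512}  # assumption: key sizes the LUKS volume type accepts

@dataclass(frozen=True)
class Secret:
    owner: str       # project allowed to read the secret
    algorithm: str
    bit_length: int
    payload: bytes

class InMemoryKeyManager:
    """Hypothetical stand-in for a Barbican-style store; not a real client."""
    def __init__(self):
        self._secrets = {}

    def store(self, secret):
        key_id = str(uuid.uuid4())
        self._secrets[key_id] = secret
        return key_id

    def get(self, project, key_id):
        secret = self._secrets.get(key_id)
        # Same error for "missing" and "not yours", so key IDs cannot be probed.
        if secret is None or secret.owner != project:
            raise LookupError("key not found")
        return secret

    def delete(self, project, key_id):
        self.get(project, key_id)  # ownership check before removal
        del self._secrets[key_id]

def create_volume_with_user_key(km, project, reference_key_id):
    ref = km.get(project, reference_key_id)  # step 2: caller must own the key
    if ref.algorithm.lower() != "aes" or ref.bit_length not in ALLOWED_BITS:
        raise ValueError("key unsuitable for this volume type")
    if len(ref.payload) * 8 != ref.bit_length:
        raise ValueError("payload does not match declared bit_length")
    new_key_id = km.store(replace(ref))  # step 3: copy under a new ID
    return {"volume_type": "LUKS", "encryption_key_id": new_key_id}

def demo():
    km = InMemoryKeyManager()
    user_key = km.store(Secret("project-a", "aes", 256, secrets.token_bytes(32)))
    vol = create_volume_with_user_key(km, "project-a", user_key)  # constructed data
    km.delete("project-a", user_key)  # user retires the reference key
    copy = km.get("project-a", vol["encryption_key_id"])
    return vol["encryption_key_id"] != user_key, copy.bit_length
```
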
