[csi-cinder-plugin] Support volume encryption with user provided keys #2526
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
lifecycle/rotten
Denotes an issue or PR that has aged beyond stale and will be auto-closed.
/kind feature
What happened:
Currently volumes can be encrypted if the required features are set up in OpenStack. The remaining handling is done transparently in OpenStack (
nova
andbarbican
). A feature missing is the "bring your own keys" approach were the key is stored in a k8s secret and predefined when the API request to create a volume is send.What you expected to happen:
A user provided secret can be used to control the encryption from the k8s layer. Remaining mechanisms in OpenStack should remain the same including storage in
Barbican
and transparent handling inNova
.Anything else we need to know?:
The OpenStack feature request is https://bugs.launchpad.net/nova/+bug/2051108
The text was updated successfully, but these errors were encountered: