-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for LUKS disk encryption for local-storage #1413
Comments
@wokalski Thanks for your feedback, data volume encryption is really important, especially inside scenarios with high data security requirements. This feature is currently in our planning, it would be great if you could contribute to this feature, and if you have any questions during this process, please feel free to contact us, we will provide as much help as possible! |
I think i might be able to contribute it but I'd need some information how you'd like it implemented:
Thank you! |
I think this has to do with how users use it. Perhaps both StorageClass and LocalVolume should reflect whether encryption is applied and how it is done.
As for the encryption key information, it might be associated through secrets. This relationship can be maintained in the StorageClass. These are some of my current ideas about this. If there is a better way, please feel free to communicate~ |
Actually, I'm not sure whether all the physical volumes (PVs) in a volume group (VG) should have the same encryption policy. If a data volume spans across multiple PVs with different encryption policies, is there any security risk? |
|
cryptsetup can be used for LV level encryption as well so it's the right tool for the job 👍. I will think about the rest and get back to you soon. |
Same requirement. |
@wokalski Hi, are you still working on this issue? |
Unfortunately I'm not working on it actively. It is in my backlog but untouched. |
This issue has been marked as stale because it has been open for 90 days with no activity. This thread will be automatically closed in 30 days if no further activity occurs. |
I don't think it's stale - the maintainers expressed interest and there's no dedicated issue 😄 |
Hhh, this is the robot's strategy. We do have plans to implement this feature, but the priority is not so high. If anyone is interested in this feature, feel free to discuss and contribute with us at any time, and we will provide as much help as possible. I will cancel this |
Support for LUKS encryption for local-storage can make hwameistor an even more complete solution. I'd like to be able to say; here's a PVC, encrypt it with LUKS with the key from this secret. And it'd create a logical volume encrypted with the given secret.
I think it might be a bit more challenging for local-disk stuff so I'd like to separate those two out into separate feature requests.
The text was updated successfully, but these errors were encountered: