OpenStack Object Storage (swift)

Swift Server-side Encryption through a proxy middleware

Registered by K.Haralambiev

Provide encryption for data-at-rest:
- containers are marked as encrypting upon creation (immutable)
- use per-object key which is wrapped with a higher key, either in a simple hierarchy (one master key wrapping all object keys) or full direct hierarchy (acc-master -> account -> contianer -> object)
- master key to reside in a key manager, e.g. Barbican
- the hierarchy, key manager, and, possibly, the crypto library to be made pluggable and set in proxy-server.conf
- support efficient partial reads

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
K.Haralambiev
Direction:
Needs approval
Assignee:
Christian Cachin
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/swift-enc-proxy,n,z

Addressed by: https://review.openstack.org/76578
    Add proxy middleware for server-side encryption

Addressed by: https://review.openstack.org/122773
    Updated version of swift-enc-proxy.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.