Enabling volume encryption

Cinder can manage the encryption of volumes, and it does so transparently to the guest. Encryption is enabled at the volume type level.

Getting ready

Encryption can be enabled either when a new volume type is created or by adding it to an existing volume type that has no volumes in use. To enable volume encryption, you will need the following:

  • An openrc file with appropriate credentials for the environment
  • The openstack command-line client
  • The name of the volume type
  • Name of the encryption provider
  • Encryption control location
  • Encryption key size
  • Encryption cipher

For our example, these will be as follows:

  • Name: Cookbook Encrypted Volumes
  • Encryption provider: nova.volume.encryptors.luks.LuksEncryptor
  • Encryption control location: front-end
  • Encryption ...

Get OpenStack Cloud Computing Cookbook - Fourth Edition now with the O’Reilly learning platform.
