Enabling volume encryption
Cinder can manage the encryption of volumes, and it happens transparent to the guest. Encryption is enabled on a volume type level.
Getting ready
Encryption can be enabled either when creating a new volume type or added to an existing volume type that has no volumes in use. To enable volume encryption, you will need the following:
- An
openrc
file with appropriate credentials for the environment - The
openstack
command-line client - The name of the volume type
- Name of the encryption provider
- Encryption control location
- Encryption key size
- Encryption cipher
For our example, these will be as follows:
- Name:
Cookbook Encrypted Volumes
- Encryption provider:
nova.volume.encryptors.luks.LuksEncryptor
- Encryption control location:
front-end
- Encryption ...
Get OpenStack Cloud Computing Cookbook - Fourth Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.