Bug 1887460

Summary: [RFE] Glance native image encryption
Product: Red Hat OpenStack Reporter: Abhishek Kekane <akekane>
Component: openstack-glanceAssignee: Abhishek Kekane <akekane>
Status: CLOSED MIGRATED QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 17.0 (Wallaby)CC: athomas, dwilde, eglynn, gcharot, gfidente, ndeevy
Target Milestone: AlphaKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-23 14:28:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version: Xena
Embargoed:
Bug Depends On: 2017548    
Bug Blocks:    

Description Abhishek Kekane 2020-10-12 14:28:54 UTC 
OpenStack already has the ability to create encrypted volumes and ephemeral storage to ensure the confidentiality of block data. In contrast to that,
images are currently handled without protection towards confidentiality, only
providing the possibility to ensure integrity using image signatures. For
further protection of user data - e.g. when a user uploads an image containing
private data or confidential information - the image data should not be
accessible for unauthorized entities. For this purpose, an encrypted image
format is to be introduced in OpenStack.
Comment 1 Gregory Charot 2021-04-02 10:47:32 UTC 
This RFE is not considered as a 17.0GA must have. Further, the barbican code required to have this merged in Wallaby did not land. Need to access changes in Xena in order to see if a 17.1 backport is possible
Comment 3 Gregory Charot 2022-03-22 14:10:32 UTC 
Removing this RFE from OSP 18 because the required barbican work (secret consumer API) is not planned to land in time.
https://bugzilla.redhat.com/show_bug.cgi?id=2017548