Bug 1419556 - [RFE] Full Barbican support in Swift
Summary: [RFE] Full Barbican support in Swift
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-swift
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
Target Milestone: Upstream M3
: 13.0 (Queens)
Assignee: Thiago da Silva
QA Contact: Mike Abrams
Kim Nylander
Depends On: 1333141 1558058
Blocks: 1433715
TreeView+ depends on / blocked
Reported: 2017-02-06 13:49 UTC by Thiago da Silva
Modified: 2018-06-27 13:30 UTC (History)
16 users (show)

Fixed In Version: openstack-swift-2.17.1-0.20180226191257.3d12a10.el7ost openstack-tripleo-heat-templates-8.0.2-11.el7ost puppet-swift-12.3.1-0.20180221111701.5bdce0a.el7ost puppet-tripleo-8.3.0-0.20180222131528.3202394.el7ost
Doc Type: Enhancement
Doc Text:
The Object Store service (swift) can now integrate with Barbican to transparently encrypt and decrypt your stored (at-rest) objects. At-rest encryption is distinct from in-transit encryption and refers to the objects being encrypted while being stored on disk. Swift objects are stored as clear text on disk. These disks can pose a security risk if not properly disposed of when they reach end-of-life. Encrypting the objects mitigates that risk. Swift performs these encryption tasks transparently, with the objects being automatically encrypted when uploaded to swift, then automatically decrypted when served to a user. This encryption and decryption is done using the same (symmetric) key, which is stored in Barbican.
Clone Of: 1418439
Last Closed: 2018-06-27 13:29:18 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
OpenStack gerrit 364878 0 None MERGED Retrieve encryption root secret from Barbican 2020-11-02 13:52:56 UTC
OpenStack gerrit 525321 0 None MERGED Adding barbican configuration to swift 2020-11-02 13:52:55 UTC
OpenStack gerrit 525323 0 None MERGED Include barbican modules to swift proxy 2020-11-02 13:53:12 UTC
OpenStack gerrit 525324 0 None MERGED Add new encryption middleware to swift proxy 2020-11-02 13:52:55 UTC
OpenStack gerrit 565159 0 None MERGED Add DeployIdentifier to Swift set_swift_secret container 2020-11-02 13:52:55 UTC
Red Hat Product Errata RHEA-2018:2086 0 None None None 2018-06-27 13:30:45 UTC

Comment 1 Red Hat Bugzilla Rules Engine 2017-02-06 13:49:50 UTC
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.

Comment 2 Red Hat Bugzilla Rules Engine 2017-02-08 09:29:47 UTC
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.

Comment 16 Kim Nylander 2018-06-20 02:50:29 UTC
If this bug requires doc text for errata release, please set the 'Doc Type' and provide draft text according to the template in the 'Doc Text' field.

The documentation team will review, edit, and approve the text.

If this bug does not require doc text, please set the 'requires_doc_text' flag to -.

Please note that the errata is due this week.

Comment 17 Kim Nylander 2018-06-20 18:11:13 UTC
Thank you for adding the doc text.

Comment 19 errata-xmlrpc 2018-06-27 13:29:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.