Description of problem:
* There is a swift container for the overcloud which contains:
  * rendered heat templates for the overcloud deployment
  * autogenerated passwords and every heat parameter we pass
  * private keys
* It can be fetched with:
    openstack container list
    mkdir <somewhere to put the container>
    cd <somewhere to put the container>
    openstack container save <container name>
  e.g. openstack container save overcloud
This data -- and any other sensitive data in the undercloud swift containers -- should be encrypted at rest. Much of the work to encrypt swift containers is already completed.
For example, here is a set of patches which enable swift encryption using barbican in the undercloud.
Would we need new/missing THT support to enable this feature?
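
To confirm which objects in a saved copy of the container carry the material listed above, the following is an added example (not part of the original report or of any TripleO tooling). It reports file names only, never secret values; the function names, file names, parameter names and values in the sample are constructed for illustration.

```shell
#!/bin/sh
# Inventory secret-bearing files in a directory produced by
# "openstack container save <container name>". Output: "<kind><TAB><file>".

scan_container_dir() {  # scan_container_dir DIR
    dir=$1
    # PEM private key headers (RSA, EC, OPENSSH, PKCS#8, encrypted PKCS#8).
    grep -rlE -e '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$dir" 2>/dev/null |
        while IFS= read -r f; do printf 'private_key\t%s\n' "$f"; done
    # YAML/JSON keys ending in password/secret/token that have a value on the
    # same line. Bare parameter declarations ("AdminPassword:") do not match.
    grep -rlEi -e '(password|secret|token)"?[[:space:]]*:[[:space:]]*[^[:space:]]' \
        "$dir" 2>/dev/null |
        while IFS= read -r f; do printf 'credential_param\t%s\n' "$f"; done
}

count_findings() {  # count_findings DIR KIND -> number of files of that kind
    scan_container_dir "$1" |
        awk -F'\t' -v k="$2" '$1 == k { n++ } END { print n + 0 }'
}

make_constructed_sample() {  # builds a constructed stand-in for a saved container
    d=$1
    printf '%s\n' 'heat_template_version: queens' \
        'description: rendered template' > "$d/overcloud.yaml"
    printf '%s\n' 'passwords:' \
        '  ExampleAdminPassword: constructed-value-1' > "$d/plan-environment.yaml"
    printf '%s\n' '{"ExampleDbPassword": "constructed-value-2"}' > "$d/params.json"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-not-a-key' \
        '-----END RSA PRIVATE KEY-----' > "$d/example_key.pem"
}

if [ $# -gt 0 ]; then
    scan_container_dir "$1"        # scan a real saved copy
else
    demo=$(mktemp -d)              # no argument: run on the constructed sample
    make_constructed_sample "$demo"
    scan_container_dir "$demo"
    rm -rf "$demo"
fi
```

Swift's at-rest encryption is transparent to API clients, so a copy fetched with `openstack container save` is plaintext whether or not encryption is enabled. The scan therefore shows what is at stake on the storage nodes' disks, not whether encryption is active.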