This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .
Bug 1887460 - [RFE] Glance native image encryption
Summary: [RFE] Glance native image encryption
Keywords:
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-glance
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Alpha
: ---
Assignee: Abhishek Kekane
QA Contact:
URL:
Whiteboard:
Depends On: 2017548
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-10-12 14:28 UTC by Abhishek Kekane
Modified: 2023-11-23 14:32 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-11-23 14:28:31 UTC
Target Upstream Version: Xena
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 609667 0 None MERGED Spec for the Glance part of Image Encryption 2021-01-12 09:33:06 UTC
OpenStack gerrit 705445 0 None NEW WIP adding Image encryption parameters 2023-11-23 14:29:54 UTC
Red Hat Issue Tracker   OSP-1764 0 None None None 2023-11-23 14:28:30 UTC
Red Hat Issue Tracker OSP-30545 0 None None None 2023-11-23 14:32:00 UTC

Description Abhishek Kekane 2020-10-12 14:28:54 UTC 
OpenStack already has the ability to create encrypted volumes and ephemeral storage to ensure the confidentiality of block data. In contrast to that,
images are currently handled without protection towards confidentiality, only
providing the possibility to ensure integrity using image signatures. For
further protection of user data - e.g. when a user uploads an image containing
private data or confidential information - the image data should not be
accessible for unauthorized entities. For this purpose, an encrypted image
format is to be introduced in OpenStack.
Comment 1 Gregory Charot 2021-04-02 10:47:32 UTC 
This RFE is not considered as a 17.0GA must have. Further, the barbican code required to have this merged in Wallaby did not land. Need to access changes in Xena in order to see if a 17.1 backport is possible
Comment 3 Gregory Charot 2022-03-22 14:10:32 UTC 
Removing this RFE from OSP 18 because the required barbican work (secret consumer API) is not planned to land in time.
https://bugzilla.redhat.com/show_bug.cgi?id=2017548
Note You need to log in before you can comment on or make changes to this bug.