We had a BOF about how to do file-level volume encryption.
Coupled with geo-replication, this feature would be useful for secure
off-site archiving/backup/disaster-recovery of Gluster volumes.
TLDR: It might be possible using EncFS stacked file system on top of a
Gluster
mount, but it is experimental and untested. At the moment, you are on your
own.
- The built-in encryption translator is strongly deprecated and it may be
removed
altogether from the code base in the future.
- The kernel-based ecryptfs (http://ecryptfs.org/) stacked file system has a
known bug with NFS and possibly other network file systems.
- Stacking EncFS (https://github.com/vgough/encfs) on top of a Gluster mount
should, in principle, work with both native and NFS mounts. Performance
are
going to be low, but still workable in some of the use cases of interest.
- Long term solution: having a client-side translator based on EncFS code.
ATM
there is no plan to develop it.
Hope it is useful to others too.
Ivan
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.gluster.org/pipermail/gluster-users/attachments/20171107/c6b79699/attachment.html>
