Hello

I've looked around as much as possible, but I want to tread carefully. I've created a couple of gluster volumes and before I do a

gluster volume set <Vol> encryption.master-key /path/to/key

for each, I need to plan properly and decide the path. Given the key only needs to be in place during the mount operation, there are a number of ways I can think of approaching this matter but I don't like them. I don't think it's safe to keep the keys on the servers local to the data in case the box(es) are rooted.

I will basically have any number of VMs running concurrently, and they will each be wanting to access a different encrypted gluster volume over the network. Each will have been given the master key for the corresponding volume (although as I'm in the process of building out the platform, it doesn't have to be that way. I wanna do it right first time though obviously).

What's the best practice?

Thanks IA
Mark
Santosh Pradhan
2014-Jun-20 06:42 UTC
[Gluster-users] NFS mounting encrypted gluster volume
I am not sure if encryption is fully working with NFS. I see one issue still in OPEN state, i.e. https://bugzilla.redhat.com/show_bug.cgi?id=1065639

Thanks,
Santosh

On 06/19/2014 03:38 AM, Mark Lewis wrote:
> Hello
> I've looked around as much as possible, but I want to tread carefully.
> I've created a couple of gluster volumes and before I do a
>
> gluster volume set <Vol> encryption.master-key /path/to/key
>
> for each, I need to plan properly and decide the path. Given the key
> only needs to be in place during the mount operation, there are a
> number of ways I can think of approaching this matter but I don't like
> them. I don't think it's safe to keep the keys on the servers local
> to the data in case the box(es) are rooted.
>
> I will basically have any number of VMs running concurrently, and they
> will each be wanting to access a different encrypted gluster volume
> over the network. Each will have been given the master key for the
> corresponding volume (although as I'm in the process of building out
> the platform, it doesn't have to be that way. I wanna do it right
> first time though obviously).
>
> What's the best practice?
>
> Thanks IA
> Mark