On 10/02/2017 07:18 AM, Two Spirit wrote:
> The Ceph Object Gateway supports server-side encryption of uploaded objects, with 3 options for the management of encryption keys. Server-side encryption means that the data is sent over HTTP in its unencrypted form, and the Ceph Object Gateway stores that data in the Ceph Storage Cluster in encrypted form.
>
> It sounds like OSD to OSD traffic is unencrypted.
> 1) Does "stores data in the cluster in encrypted form" mean *only* if
> the --dmcrypt option is used?
> 2) Does that mean the zone to zone copy across a WAN is also unencrypted?
Ceph does not have on-the-wire encryption.
-Joao