Someone with access to a mon disk can access your whole cluster, it contains the mon keyring which has full admin capabilities. And yes, it also has all the encryption keys for the OSDs stored it in it... Usually disks running mons are just destroyed instead of RMA'd if they fail on an encrypted cluster. You can also encrypt the disk as usual, mons store all their data in ~ceph/mon, you can just mount an encrypted disk or partition there, no need to encrypt the whole OS disk. Paul -- Paul Emmerich Looking for help with your Ceph cluster? Contact us at https://croit.io croit GmbH Freseniusstr. 31h 81247 München www.croit.io Tel: +49 89 1896585 90 On Wed, Apr 17, 2019 at 2:15 PM Christoph Biedl <ceph.com.aaze@xxxxxxxxxxxxxxxxxx> wrote: > > Hello, > > after reading the documentation[1], I'm uncertain whether the OSD > encryption keys are stored in a safe way. If I understand correctly, > they are kept on the monitor(s) but not necessarily with extra > protection. > > In other words, is the default setup safe against the situation where > one disk gets RMAd? Or are there some extra step required, like > encrypting at least the file system that holds the monitor storage > (/var/lib/ceph/mon/?), and unlocking via some means at boot time? > > Christoph > > [1] http://docs.ceph.com/docs/mimic/ceph-volume/lvm/encryption/ > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com