Hello I’ve looked around as much as possible, but I want to tread carefully. I’ve created a couple of gluster volumes and before I do a gluster volume set <Vol> encryption.master-key /path/to/key for each, I need to plan properly and decide the path. Given the key only needs to be in place during the mount operation, there are a number of ways I can think of approaching this matter but I don’t like them. I don’t think it’s safe to keep the keys on the servers local to the data in case the box(es) are rooted. I will basically have any number of VMs running concurrently, and they will each be wanting to access a different encrypted gluster volume over the network. Each will have been given the master key for the corresponding volume (although as I’m in the process of building out the platform, it doesn’t have to be that way. I wanna do it right first time though obviously). What’s the best practice? Thanks IA Mark
|
_______________________________________________ Gluster-users mailing list Gluster-users@xxxxxxxxxxx http://supercolony.gluster.org/mailman/listinfo/gluster-users
