We had a BOF about how to do file-level volume encryption.
Coupled with geo-replication, this feature would be useful for secure off-site archiving/backup/disaster-recovery of Gluster volumes.
TLDR: It might be possible using EncFS stacked file system on top of a Gluster
mount, but it is experimental and untested. At the moment, you are on your own.
- The built-in encryption translator is strongly deprecated and it may be removed
altogether from the code base in the future.
- The kernel-based ecryptfs (http://ecryptfs.org/) stacked file system has a
known bug with NFS and possibly other network file systems.
- Stacking EncFS (https://github.com/vgough/encfs) on top of a Gluster mount
should, in principle, work with both native and NFS mounts. Performance are
going to be low, but still workable in some of the use cases of interest.
- Long term solution: having a client-side translator based on EncFS code. ATM
there is no plan to develop it.
Hope it is useful to others too.
Ivan
_______________________________________________ Gluster-users mailing list Gluster-users@xxxxxxxxxxx http://lists.gluster.org/mailman/listinfo/gluster-users
