Hi, Stefan,
Thanks a lot for the message. It seems that client-side encryption (or per use) is still
on the way and not ready yet for today.
Are there practical methods to implement encryption for CephFS with today' technique?
e.g using LUKS or other tools?
Kind regards,
Samuel
huxiaoyu(a)horebdata.cn
From: Stefan Kooman
Date: 2023-05-22 17:19
To: Alexander E. Patrakov; huxiaoyu(a)horebdata.cn
CC: ceph-users
Subject: Re: [ceph-users] Re: Encryption per user Howto
On 5/21/23 15:44, Alexander E. Patrakov wrote:
Hello Samuel,
On Sun, May 21, 2023 at 3:48 PM huxiaoyu(a)horebdata.cn
<huxiaoyu(a)horebdata.cn> wrote:
Dear Ceph folks,
Recently one of our clients approached us with a request on encrpytion per user, i.e.
using individual encrytion key for each user and encryption files and object store.
Does anyone know (or have experience) how to do with CephFS and Ceph RGW?
For CephFS, this is unachievable.
For a couple of years already, work is being done to have fscrypt
support for CephFS [1]. When that work ends up in mainline kernel (and
distro kernels at some point) this will be possible.
Gr. Stefan
[1]:
https://lwn.net/Articles/829448/