public-cloud-roadmap
Encrypted Block Volumes
As a user I want to be able to encrypt my block volumes.
A must, which would facilitate the fulfillment of some of our requirements, as far as the scope includes volumes (block storage) for OVH Managed *Kubernetes* and uses server-side encryption with customer-provided encryption, as is available now on OVH Object Storage (S3).
Can I have more info about encryption on OVH Object Storage (S3)? Thanks.
Customized encryption of data at rest is an important feature, especially for potential customers from the financial sector.
Can I have more info about encryption on OVH Object Storage (S3)? Thanks.
Hi @biapar, here is the guide about Encryption on S3 Object Storage in OVHcloud: https://docs.ovh.com/ie/en/storage/object-storage/s3/encrypt-your-objects-with-sse-c/
Can I have more info about encryption on OVH Object Storage (S3)? Thanks.
Hi @biapar, here is the guide about Encryption on S3 Object Storage in OVHcloud.
Where?
Hi, any update on the topic? It's a real requirement from some customers.
Hi,
- Does this feature include O.S. instance drive encryption?
- Will setting the encryption be included in the Terraform provider?
Hi,
Any update on the topic?
Push - Want to see this in K8S 👍
Hi @JacquesMrz, it impacts our own roadmap so it'd also be nice to know that you will NOT implement it within the next months (therefore we'll unfortunately aim towards another encryption solution).
In the OpenStack world there is Cinder Barbican to provide encryption at rest (LUKS) for Cinder volumes. As an MKS customer, I would like to be able to use transparent encryption at rest on a PV, for example via a specific annotation on the PVC. We solve the issue so far by running a Ceph cluster ourselves in the cluster which runs on the PV of the MKS. We then work with transparent OSD encryption and create our own storage class. In doing so, we lose approx. 50% of the IOPS.
As a transitional solution, it would help if MKS had the high-speed GEN2 storage available in order to have more IOPS available.
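The workaround described in the comment above (Rook-managed Ceph on MKS persistent volumes with OSD encryption) could look like the following. This is an added sketch, not the commenter's or OVHcloud's configuration; the storage class name `csi-cinder-high-speed`, the sizes, the resource names and the image tag placeholder are assumptions.

```yaml
# Added example: Rook CephCluster whose OSDs sit on MKS block PVs and are
# encrypted with dm-crypt/LUKS. All names and sizes below are assumptions.
apiVersion: ceph.rook.io/v1
kind: CephCluster
metadata:
  name: rook-ceph
  namespace: rook-ceph
spec:
  cephVersion:
    image: quay.io/ceph/ceph:<CEPH_VERSION>   # placeholder, pin a real tag
  dataDirHostPath: /var/lib/rook
  mon:
    count: 3
    volumeClaimTemplate:
      spec:
        storageClassName: csi-cinder-high-speed   # assumed MKS class
        resources:
          requests:
            storage: 10Gi
  storage:
    storageClassDeviceSets:
      - name: encrypted-set
        count: 3
        portable: true
        encrypted: true          # each OSD device is opened through LUKS
        volumeClaimTemplates:
          - metadata:
              name: data
            spec:
              storageClassName: csi-cinder-high-speed   # assumed MKS class
              accessModes: ["ReadWriteOnce"]
              volumeMode: Block  # raw device, required for OSDs on PVCs
              resources:
                requests:
                  storage: 100Gi
---
# Pool that a custom RBD StorageClass would reference for workload PVCs.
apiVersion: ceph.rook.io/v1
kind: CephBlockPool
metadata:
  name: encrypted-pool
  namespace: rook-ceph
spec:
  failureDomain: host
  replicated:
    size: 3
```

Without a KMS configured, Rook keeps the LUKS keys as Kubernetes Secrets in the cluster namespace, so access to those Secrets (RBAC, etcd encryption) decides how much protection this gives against anyone other than the storage backend.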
Hi @JacquesMrz, it impacts our own roadmap so it'd also be nice to know that you will NOT implement it within the next months (therefore we'll unfortunately aim towards another encryption solution).
If I read the roadmap correctly, it looks like it should be implemented more or less between July and October 2024 :).
Hi Julie, which solution do you use? @Ovh: Why this delay?
@biapar Well, as of now, unencrypted volumes...
Nooo… I made a custom encryption solution in C#. On the server I use a private key to encrypt the file and then I save it to the blob. Afterwards I decrypt it to read.
@biapar Nice! :) In this regard, depending on your use case, you might be interested in SOPS (but I advise waiting until SOPS has a clearer release cycle, which should be explained soon). The most sensitive data I have to store are on the OVH Object Storage, which has a built-in encryption option. So I think I'll wait for OVH encryption for the Block part.
Feel free to reach out to me for support in setting up Rook with encryption at rest at OVH MKS. We are happy to assist you.
Thank you! :)