At-rest Encryption in OpenStack Swift

Presented by John Dickinson
Thursday 4:35 p.m.–5:20 p.m.
Target audience: Developer

Abstract

Recently, the OpenStack Swift project released a feature that implements server-side encryption. The feature is designed to protect user data from being exposed if drives were to leave the cluster, something that can happen intentionally through an RMA process or unintentionally from mistakes or malicious intent. If drives leave the cluster, we want to be sure that the users' data is protected and impossible to recover. Swift's at-rest encryption feature encrypts user data and metadata with AES using a unique key for every object stored.

In this talk, we will cover the details of how the server-side encryption works, including the on-disk format, and we'll dig into the key management it uses. We'll also discuss the ways in which this feature can be improved to support more advanced functionality and more robust key management.

Presented by

John Dickinson

John has been working on the Swift object storage engine since 2009. Swift became one of the founding projects in OpenStack in 2010, and John has served as Swift's Project Technical Lead since 2011.

©2016 Linux Australia and linux.conf.au 2017. Linux is a registered trademark of Linus Torvalds.