On 02/05/18 16:12, David Turner wrote:
> I've heard conflicting opinions if GDPR requires data to be encrypted
> at rest
Encryption both in transit and at rest is part of data protection by
design: it is about making sure that you have control over the data that
you hold/are processing and that if
On Thu, May 3, 2018 at 1:22 PM, David Turner wrote:
> The process to create an encrypted bluestore OSD is very simple to make them
> utilize dmcrypt (literally just add --dmcrypt to the exact same command you
> would run normally to create the OSD). The gotcha is that I had to find the
> option b
The process to create an encrypted bluestore OSD is very simple to make
them utilize dmcrypt (literally just add --dmcrypt to the exact same
command you would run normally to create the OSD). The gotcha is that I
had to find the option by using --help with ceph-volume from the cli. I
was unable t
At 'rest' is talking about data on it's own, not being accessed through an
application. Encryption at rest is most commonly done by encrypting the
block device with something like dmcrypt. It's anything that makes having
the physical disk useless without being able to decrypt it. You can also
ju
On Wed, May 2, 2018 at 11:12 AM, David Turner wrote:
> I've heard conflicting opinions if GDPR requires data to be encrypted at
> rest, but enough of our customers believe that it is that we're looking at
> addressing it in our clusters. I had a couple questions about the state of
> encryption in
I've heard conflicting opinions if GDPR requires data to be encrypted at
rest, but enough of our customers believe that it is that we're looking at
addressing it in our clusters. I had a couple questions about the state of
encryption in ceph.
1) My experience with encryption in Ceph is dmcrypt, i
