Re: [ceph-users] OSD encryption key storage

2019-04-17 Thread Paul Emmerich
Someone with access to a mon disk can access your whole cluster; it contains the mon keyring, which has full admin capabilities. And yes, it also has all the encryption keys for the OSDs stored in it... Usually disks running mons are just destroyed instead of RMA'd if they fail on an encrypted c

[ceph-users] OSD encryption key storage

2019-04-17 Thread Christoph Biedl
Hello, after reading the documentation[1], I'm uncertain whether the OSD encryption keys are stored in a safe way. If I understand correctly, they are kept on the monitor(s) but not necessarily with extra protection. In other words, is the default setup safe against the situation where one disk g