Hi Michał,
hi everyone,
we are having similar issues looming at the horizon (sensitive medical
and human genetic data). :-)
We are currently looking into telling our users to use EncFS
(https://en.wikipedia.org/wiki/EncFS) for this. As it is a filesystem in
user-space unprivileged users can use it freely and as there are
implementations available for Windows and OSX as well they have the
possibility to transfer data in its encrypted form to and from the cluster.
We do not have a "turn-key" solution, yet.
One of the open problems is a way to provide the password for mounting
the encrypted directory inside a slurm-job. But this should be solvable.
Regards,
Hermann
On 12/14/21 9:22 PM, Michał Kadlof wrote:
Hi,
some of my users work with "sensitive data". Currently we use standard
unix groups with ACLs to limit access but I wonder if there is any way
to keep data encrypted (for example with gpg) and decrypt them "on the
fly" in Slurm job and then encrypt the results again after the job is
finished.
We store users homes on lustre shared filesystem if it matter...
Are there any recommendations, guides or "best practices" how to keep
such data safe?
