[FEATURE] Backup encryption #8453
Labels: area/security, area/volume-backup-restore, kind/feature, require/auto-e2e-test, require/doc, require/lep, require/manual-test-plan
Is your feature request related to a problem? Please describe (👍 if you like this request)
It is great that Longhorn supports encrypted volumes. In some deployments you want to have the full system encrypted; in Talos this is possible using SecureBoot/TPM:
https://www.talos.dev/v1.6/talos-guides/install/bare-metal-platforms/secureboot/#disk-encryption-with-tpm
In this case, encrypting the Longhorn volume on top of an already encrypted volume does not make much sense.
Therefore it would be great to also have an option to only encrypt backups to S3 using some kind of encryption/decryption.
This would reduce the constant performance overhead and only consume CPU cycles in case of actual backup and restore operations.
Describe the solution you'd like
Have the option to encrypt/decrypt S3 backups using some kind of client-side encryption like this: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html
Describe alternatives you've considered
Have the Linux system volumes unencrypted. This leads to a danger of theft.
Additional context
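To make the request concrete, here is a sketch of client-side sealing of a single backup block before it is uploaded to an object store. It is an added example, not part of the issue and not Longhorn code; the function names, the blob layout and the object names are hypothetical, and Longhorn's real backup format is not assumed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newGCM builds an AES-GCM AEAD; a 32-byte key selects AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealBlock encrypts one backup block on the client. The object name is
// bound as associated data, so a ciphertext copied or renamed to another
// object in the bucket fails authentication on restore.
func sealBlock(key []byte, objectName string, plain []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Hypothetical blob layout: nonce || ciphertext || tag.
	return gcm.Seal(nonce, nonce, plain, []byte(objectName)), nil
}

// openBlock verifies and decrypts a blob fetched from the bucket.
func openBlock(key []byte, objectName string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob shorter than nonce plus tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(objectName))
}

func main() {
	key := make([]byte, 32) // constructed demo key; real keys come from a secret store
	rand.Read(key)
	blob, _ := sealBlock(key, "backups/vol-demo/block-0001", []byte("constructed block data"))
	_, err := openBlock(key, "backups/vol-demo/block-0002", blob)
	fmt.Println("block moved to another object name rejected:", err != nil)
}
```

With random 96-bit nonces, one key should seal well under 2^32 blocks, so a fresh data key per backup (itself wrapped by a long-lived key) keeps the count low.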