OpenStack has allowed businesses to improve their efficiency by offloading work into the cloud. Some of that work and data is sensitive, and it would be catastrophic to the business if it leaked to competitors. This sensitivity led OpenStack to implement several encryption features, but encryption raises the question of who is managing the encryption keys. This talk will examine key management and bring your own key (BYOK) in OpenStack. It will briefly describe a couple of encryption features to highlight which services use encryption keys, and then go into a discussion of key management. We will discuss the trust relationships between the different parties, the motivations for bring your own key, and the benefits and drawbacks of BYOK.
Attendees should expect to learn about some of the currently implemented encryption features in OpenStack as well as the current key management scheme. The attendees will learn about the consequences of this model, and we will examine some of the motivations for allowing BYOK key management. We will also cover how BYOK can work in OpenStack and what needs to change to make that happen.