README.md
Marshal
Overview
- Marshal is an agent service running inside virtual machines, which will be responsible for securely fetching encryption keys from a KMS like Barbican.
- This agent will be interfacing with the disk encryption subsystem of the underlying operating system to encrypt/decrypt the disk I/O.
- In the case of Linux-based virtual machines this agent will be interfacing with dm-crypt, and for Windows OS it will be interfacing with BitLocker.
- The agent provides an abstraction service and can be integrated with other encryption subsystems as required.
- When the agent reads a key from the KMS, the key is only stored briefly in a secure temporary file until it can be transferred to the disk encryption subsystem.
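
One way to implement the short-lived key file described in the last bullet, as an added example that is not Marshal's own code. The function names, the `/dev/shm` default and the injectable `run` callable are assumptions made for illustration; `cryptsetup open --key-file` is the real cryptsetup interface.

```python
import os
import subprocess
import tempfile
from contextlib import contextmanager


def default_key_dir():
    # Assumption: /dev/shm is a RAM-backed tmpfs, so the key never reaches disk.
    shm = "/dev/shm"
    usable = os.path.isdir(shm) and os.access(shm, os.W_OK)
    return shm if usable else tempfile.gettempdir()


@contextmanager
def ephemeral_key_file(key, directory=None):
    """Yield the path of an owner-only file holding `key`; wipe it on exit."""
    # mkstemp opens with O_EXCL and mode 0600: no other user can pre-create,
    # read, or symlink-swap the file.
    fd, path = tempfile.mkstemp(prefix="key-", dir=directory or default_key_dir())
    try:
        os.write(fd, key)
        os.fsync(fd)
        yield path
    finally:
        # Best-effort overwrite before unlinking. Journaling or flash-backed
        # filesystems may keep old blocks, which is why tmpfs is preferred.
        os.lseek(fd, 0, os.SEEK_SET)
        os.write(fd, b"\0" * len(key))
        os.fsync(fd)
        os.close(fd)
        if os.path.exists(path):
            os.unlink(path)


def luks_open_argv(device, name, key_path):
    # --key-file keeps the key out of argv, where `ps` would expose it.
    return ["cryptsetup", "open", "--type", "luks",
            "--key-file", key_path, device, name]


def unlock(device, name, key, run=subprocess.check_call, directory=None):
    """Pass `key` to dm-crypt via cryptsetup; the file exists only for the call."""
    with ephemeral_key_file(key, directory) as path:
        return run(luks_open_argv(device, name, path))
```

The cleanup runs in a `finally` block, so the key file is wiped and removed even when `cryptsetup` exits with an error.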
Table of Contents
- Overview
- Features
- Architecture
- Getting Started
- Software Requirements
- Deployment Procedure
- Documentation
- Roadmap
- Core Components and Features
- Security
- Operations
- Platform Support
- Development
- License
Features
- Disk encryption subsystem abstraction allowing for a consistent interface
- KMS system abstraction allowing for a consistent interface
- Encryption at various levels, including full disk encryption and partition encryption (root partition included)
Architecture
Getting Started
Deployment
For production purposes, Marshal is intended to be deployed as a Debian package embedded into OpenStack VMs.
Deploying Using Debian Package
Building and testing Debian package
For test purposes, Marshal can be cloned using normal Git semantics:
Clone to local repository:
Via SSH:
$ git clone git@github.com:CiscoCloud/marshal.git
Via HTTPS:
$ git clone https://github.com/CiscoCloud/marshal.git
Software Requirements
- Python 2.7.8
- Cryptsetup (if Linux OS)
Deployment Procedure
Please refer to the Getting Started Guide, which covers deployment, configuration, and example usage.
Documentation
All documentation is located here
Roadmap
- KMS for infrastructure tenants
- Volume encryption (With Marshal)
- Certificate provisioning
- Object Encryption
- High key use tenants and IOT
- KMaaS
Core Components and Features
List core components and features here
- Orchestration
Security
List the security services it provides
- Encryption