Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LSF Boot volume encryption #19

Open
sam-andaluri opened this issue Jul 6, 2023 · 0 comments
Open

LSF Boot volume encryption #19

sam-andaluri opened this issue Jul 6, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@sam-andaluri
Copy link

sam-andaluri commented Jul 6, 2023
edited
Loading

Background

EDA customers prefer encrypting boot and data volumes. However boot volumes can be encrypted only when resources are created. Further customers prefer using their own encryption key i.e. either bring your own key or keep your own key. Either is managed via IBM Cloud Hyper Protect Crypto Service.

Requirements

Please provide a Terraform variable to specify KMS key and use that for encrypting boot volumes. In ibm_is_instance resource, boot volume encryption can be configured via the boot_volume code block. The encryption parameter takes the KMS key CRN. This should be applicable to all VMs created by automation. Currently there were no requirements for configuring separate keys i.e. a single key to encrypt all boot volumes across all VMs created.

boot_volume {
    encryption = var.key_protect_crn
  }
@AugieMena3 AugieMena3 added the enhancement New feature or request label Aug 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AugieMena3 @sam-andaluri