7ddd146926
Implements: blueprint security-hardening Change-Id: I05437825ae87307ad303f1bf937c631d7a93ca8e
529 B
529 B
Exception
Creating encrypted storage is left up to the deployer to consider and implement. Although encrypting data at rest on storage volumes does reduce the chances of data theft if the server is physically compromised, it doesn't provide protection from a user who is logged in while the server is running.
Linux systems provide various options for storage encryption. The Linux Unified Key Setup is a good implementation to review.