Enable users to encrypt data at rest #11088
Comments
|
I think this has to be done at the infrastructure level, for example encrypt the filesystem or storage service. |
|
I agree, I don't think there's a reasonable way that Harbor could transparently handle encrypting the images without it being only a minor speed bump to retrieve whatever key Harbor used in order to decrypt them -- projects like https://github.com/containerd/imgcrypt which seek to encrypt images through the entire pipeline and decrypt them in the runtime seem like a much better fit for this problem. |
|
(Another solution for admins who only need "at rest" encryption is to use an encrypted filesystem for storage, which would be completely transparent to Harbor.) |
|
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days. |
this would benefit service providers and internal IT for sensitive images. This is a compliance requirement for certain large organizations
The text was updated successfully, but these errors were encountered: