Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-6140

Support to have Singed backups and local checksums for backup integrity

XMLWordPrintable

    • Product / Portfolio Work
    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • ToDo
    • 0
    • Very Likely
    • 0
    • 0
    • None
    • Unset
    • Unknown

      -

      Proposed title of this feature request

      • Ability to have signed backups and local checksums for OADP backups to prevent data tampering attacks if the S3 bucket got compromised.

      What is the nature and description of the request?
      -  We are looking for a security feature to prevent data tampering attacks if the S3 bucket got compromised.

      Currently, The OADP leverages the aws plugin SSE-C to implement encryption for backup at rest, but our customer want a mechanism to protect backup integrity like having signed backups and having a mechanism to generate and store local checksum for the backup taken (to be stored locally in the cluster not in the S3 bucket).

      These two GitHub issues might be related:
      https://github.com/vmware-tanzu/velero/issues/3875
      https://github.com/vmware-tanzu/velero/issues/1072

      Why does the customer need this? (List the business requirements here)

      • Customer is asking about OADP security features to mitigate Data tampering attacks.

      Optional: List affected component/s.

       

              rhn-engineering-mpryc Michal Pryc
              rhn-support-aessam Abdelrahman Essam
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: