by lmeyerov
1060 days ago
Something I keep coming to here, and not seeing easy solutions for, is a pure OSS docker-level approach to volume encryption. No wrangling cryptfs in the host, just a special overlay mode that docker & compose understand. Getting it down to a few docker-compose.yml volume annotations like "encrypted: true" seems like it'd open up a lot of users to doing encryption-at-rest without going full k8s. The threat model here is a bit limited vs other approaches, but I'd think it can go far for the bulk of pets out there.