<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="color: rgb(0, 0, 0);"><font face="Andale Mono">Hello</font></div><div style="color: rgb(0, 0, 0);"><font face="Andale Mono">I’ve looked around as much as possible, but I want to tread carefully. I’ve created a couple of gluster volumes and before I do a</font></div><div style="color: rgb(0, 0, 0);"><font face="Andale Mono"><br></font></div><div style="color: rgb(0, 0, 0);"><font face="Andale Mono">gluster volume set &lt;Vol&gt; encryption.master-key /path/to/key</font></div><div style="color: rgb(0, 0, 0);"><font face="Andale Mono"><br></font></div><div><font face="Andale Mono">for each, I need to plan properly and decide the path. Given the key only needs to be in place during the mount operation, there are a number of ways I can think of approaching this matter but I don’t like them. I don’t think it’s safe to keep the keys on the servers local to the data in case the box(es) are rooted.</font></div><div><font face="Andale Mono"><br></font></div><div><font face="Andale Mono">I will basically have any number of VMs running concurrently, and they will each be wanting to access a different encrypted gluster volume over the network. Each will have been given the master key for the corresponding volume (although as I’m in the process of building out the platform, it doesn’t have to be that way. I wanna do it right first time though obviously).</font></div><div><font face="Andale Mono"><br></font></div><div><font face="Andale Mono">What’s the best practice?</font></div><div><font face="Andale Mono"><br></font></div><div><font face="Andale Mono">Thanks IA</font></div><div><font face="Andale Mono">Mark</font></div></body></html>