The nova.volume.encryptors.cryptsetup Module

class CryptsetupEncryptor(connection_info, **kwargs)

Bases: nova.volume.encryptors.base.VolumeEncryptor

A VolumeEncryptor based on dm-crypt.

This VolumeEncryptor uses dm-crypt to encrypt the specified volume.

attach_volume(context, **kwargs)

Shadows the device and passes an unencrypted version to the instance.

Transparent disk encryption is achieved by mounting the volume via dm-crypt and passing the resulting device to the instance. The instance is unaware of the underlying encryption due to modifying the original symbolic link to refer to the device mounted by dm-crypt.

detach_volume(**kwargs)

Removes the dm-crypt mapping for the device.