CephVault: A secure Key Management System (KMS) for Ceph

University of New Brunswick


Organizations are leveraging cluster storage solutions to address expansive storage requirements. Ceph is a reliable and massively scalable cluster solution that supports object, block, and file storage capabilities on commodity hardware without a single point of failure. Despite its growing popularity, the absence of native object encryption support in Ceph raises concerns about potential security vulnerabilities and data compromise. CephArmor, a cryptography interface, was previously developed to provide data confidentiality in Ceph while data is at rest. In this work, we propose a secure Key Management System (KMS), CephVault, that can support key generation for the various encryption schemes and key lengths required by CephArmor. CephVault, which supports twelve phases of a KMS life cycle, is developed as an intrinsic component of Ceph. We demonstrate that the proposed solution provides better features and security than other KMSs, making CephVault a competitive and preferable choice compared to many existing KMSs available in the Ceph ecosystem.