Doubts about current keyring selection #3857

@jbaublitz

cc @oniko

I wanted to discuss our current keyring selection for passphrases. Currently we use the persistent keyring and I would like to propose migrating to the process keyring. From a threat-modeling perspective, this couples root permissions and access to the encrypted device if the key is in the kernel keyring. This may not be desirable for some users.

I'm curious what people's thoughts are here. Is the process keyring preferable? Are the tradeoffs (the keys disappearing on stratisd restart) not worth it?
