)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":28271,"name":"Josephine Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"2b094d56ac12c56ffd8b80eb68d87956f7847243","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"990b2f74_daafefbb","updated":"2024-03-27 11:59:20.000000000","message":"It would be nice, if you rebase your change, put the spec in the new targeted folder for 2024.2 and solve the tox-docs Error.","commit_id":"3bb1050ac0e96c85213e3a7e807bf826020fc6c6"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"0718bd82_e13258d0","updated":"2026-01-08 15:39:31.000000000","message":"Linting review","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":38081,"name":"Anthony Galica","display_name":"agalica","email":"anthony.galica@hitachivantara.com","username":"agalica","status":"Hitachi Vantara"},"change_message_id":"f412d8647659b5b8bd58775e274494cd1b5311e7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"8c1a67a5_d1a33a54","updated":"2025-12-05 15:19:12.000000000","message":"This seems like a good idea.  I do have one minor question on it.","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":9236,"name":"Jon Bernard","email":"jobernar@redhat.com","username":"jbernard"},"change_message_id":"e6f21b3da64d8d28f8d71f117eccf610ea045008","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"979ff823_65eb102d","updated":"2025-12-12 16:19:27.000000000","message":"Tobias, are you still interested in this?  If so, can you resolve the zuul failure?","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"}],"specs/untargeted/byok-for-cinder.rst":[{"author":{"_account_id":28271,"name":"Josephine Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"2b094d56ac12c56ffd8b80eb68d87956f7847243","unresolved":true,"context_lines":[{"line_number":28,"context_line":"Proposed change"},{"line_number":29,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"Most peaces are already in place and do not to be changed for that feature to be implemented. The KeyManager implementation holds the key provided by the end user."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- The most visible change is to be able to provide an encryption key ID to create volume."},{"line_number":34,"context_line":"- cinder.volume.volume_utils.clone_encryption_key() must be used to ensure keys can be deleted when the volume is deleted"}],"source_content_type":"text/x-rst","patch_set":1,"id":"00d074d9_d61f2a9e","line":31,"updated":"2024-03-27 11:59:20.000000000","message":"nit: \"pieces\"","commit_id":"3bb1050ac0e96c85213e3a7e807bf826020fc6c6"},{"author":{"_account_id":36790,"name":"NotTheEvilOne","display_name":"Tobias \"NotTheEvilOne\" Wolf","email":"ubuntu-NTEO@vplace.de","username":"NotTheEvilOne"},"change_message_id":"768b3d94d1713dfe5afb2f9e177d055b07b41619","unresolved":false,"context_lines":[{"line_number":28,"context_line":"Proposed change"},{"line_number":29,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"Most peaces are already in place and do not to be changed for that feature to be implemented. The KeyManager implementation holds the key provided by the end user."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- The most visible change is to be able to provide an encryption key ID to create volume."},{"line_number":34,"context_line":"- cinder.volume.volume_utils.clone_encryption_key() must be used to ensure keys can be deleted when the volume is deleted"}],"source_content_type":"text/x-rst","patch_set":1,"id":"1157f146_647c566d","line":31,"in_reply_to":"00d074d9_d61f2a9e","updated":"2024-07-04 07:01:27.000000000","message":"Done","commit_id":"3bb1050ac0e96c85213e3a7e807bf826020fc6c6"},{"author":{"_account_id":28271,"name":"Josephine Seifert","email":"josephine.seifert@cloudandheat.com","username":"josei"},"change_message_id":"2b094d56ac12c56ffd8b80eb68d87956f7847243","unresolved":true,"context_lines":[{"line_number":50,"context_line":""},{"line_number":51,"context_line":"  * Create a volume: POST"},{"line_number":52,"context_line":"  * Normal http response code(s): 202"},{"line_number":53,"context_line":"  * New optional parameter encryption_key_id indicates which encryption key ID from the KeyManager implementation should be used"},{"line_number":54,"context_line":"  * Maybe a new use of response code 409 may be needed if e.g. a encrypted snapshot volume should be copied with a different key"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Security impact"}],"source_content_type":"text/x-rst","patch_set":1,"id":"da9c400f_823fd9dc","line":53,"updated":"2024-03-27 11:59:20.000000000","message":"This should also include a check, whether the provided or default volume type has an encryption type.\n\nMaybe an addition of a default encryption volume type as a config parameter would be nice, as users might forget to provide a correct volume type.\n\nThis would also result in an impyct for deployers as they will have to fill such a config parameter.","commit_id":"3bb1050ac0e96c85213e3a7e807bf826020fc6c6"},{"author":{"_account_id":36790,"name":"NotTheEvilOne","display_name":"Tobias \"NotTheEvilOne\" Wolf","email":"ubuntu-NTEO@vplace.de","username":"NotTheEvilOne"},"change_message_id":"768b3d94d1713dfe5afb2f9e177d055b07b41619","unresolved":false,"context_lines":[{"line_number":50,"context_line":""},{"line_number":51,"context_line":"  * Create a volume: POST"},{"line_number":52,"context_line":"  * Normal http response code(s): 202"},{"line_number":53,"context_line":"  * New optional parameter encryption_key_id indicates which encryption key ID from the KeyManager implementation should be used"},{"line_number":54,"context_line":"  * Maybe a new use of response code 409 may be needed if e.g. a encrypted snapshot volume should be copied with a different key"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Security impact"}],"source_content_type":"text/x-rst","patch_set":1,"id":"36ca038a_57db5832","line":53,"in_reply_to":"da9c400f_823fd9dc","updated":"2024-07-04 07:01:27.000000000","message":"Done","commit_id":"3bb1050ac0e96c85213e3a7e807bf826020fc6c6"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/cinder/+spec/byok-for-cinder"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Cinder currently lags support the API to create a volume with a predefined (e.g. already stored in Barbican) encryption key. This feature would be useful for use cases where end-users should be enabled to store keys later on used to encrypt volumes."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Problem description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"f9cb0e91_757019dc","line":13,"range":{"start_line":13,"start_character":17,"end_line":13,"end_character":22},"updated":"2026-01-08 15:39:31.000000000","message":"nit: lacks","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/cinder/+spec/byok-for-cinder"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Cinder currently lags support the API to create a volume with a predefined (e.g. already stored in Barbican) encryption key. This feature would be useful for use cases where end-users should be enabled to store keys later on used to encrypt volumes."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Problem description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"a9c60cb0_ea4dd611","line":13,"range":{"start_line":13,"start_character":158,"end_line":13,"end_character":248},"updated":"2026-01-08 15:39:31.000000000","message":"reads better as \"use cases where end users should be able to store keys that are later used to encrypt volumes”","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":15,"context_line":"Problem description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Encryption keys are currently generated completely transparent for end-users. Most features are already implemented and tested therefore. What\u0027s missing is the possibility to use a user defined key, known as \"bring your own keys\", for encryption. This may be useful for certain legal requirements or specifications to be fulfilled."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Use Cases"},{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"cbd2bea7_6aa85d53","line":18,"range":{"start_line":18,"start_character":209,"end_line":18,"end_character":228},"updated":"2026-01-08 15:39:31.000000000","message":"Might be worth introducing the BYOK acronym here","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":15,"context_line":"Problem description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Encryption keys are currently generated completely transparent for end-users. Most features are already implemented and tested therefore. What\u0027s missing is the possibility to use a user defined key, known as \"bring your own keys\", for encryption. This may be useful for certain legal requirements or specifications to be fulfilled."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Use Cases"},{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"b035a931_d61e1b42","line":18,"range":{"start_line":18,"start_character":321,"end_line":18,"end_character":330},"updated":"2026-01-08 15:39:31.000000000","message":"nit: met","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":15,"context_line":"Problem description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Encryption keys are currently generated completely transparent for end-users. Most features are already implemented and tested therefore. What\u0027s missing is the possibility to use a user defined key, known as \"bring your own keys\", for encryption. This may be useful for certain legal requirements or specifications to be fulfilled."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Use Cases"},{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"db3d94ee_1d33244e","line":18,"range":{"start_line":18,"start_character":181,"end_line":18,"end_character":193},"updated":"2026-01-08 15:39:31.000000000","message":"nit: user-defined","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"- End users are enabled to manage their own keys"},{"line_number":24,"context_line":"- With proper backups in place data can be recovered even if the key is lost at the deployer"},{"line_number":25,"context_line":"- With trust in the deployer to have a proper KeyManager setup in place data can be securely deleted at any time with deleting the key and volumes attached"},{"line_number":26,"context_line":"- Key management can be enabled with the toolset of the end user in multi cloud use cases"},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"d88925d3_33c1cb7d","line":24,"range":{"start_line":24,"start_character":30,"end_line":24,"end_character":31},"updated":"2026-01-08 15:39:31.000000000","message":"nit: add comma","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"- End users are enabled to manage their own keys"},{"line_number":24,"context_line":"- With proper backups in place data can be recovered even if the key is lost at the deployer"},{"line_number":25,"context_line":"- With trust in the deployer to have a proper KeyManager setup in place data can be securely deleted at any time with deleting the key and volumes attached"},{"line_number":26,"context_line":"- Key management can be enabled with the toolset of the end user in multi cloud use cases"},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"c5631403_fc748147","line":24,"range":{"start_line":24,"start_character":77,"end_line":24,"end_character":80},"updated":"2026-01-08 15:39:31.000000000","message":"nit: by","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":22,"context_line":""},{"line_number":23,"context_line":"- End users are enabled to manage their own keys"},{"line_number":24,"context_line":"- With proper backups in place data can be recovered even if the key is lost at the deployer"},{"line_number":25,"context_line":"- With trust in the deployer to have a proper KeyManager setup in place data can be securely deleted at any time with deleting the key and volumes attached"},{"line_number":26,"context_line":"- Key management can be enabled with the toolset of the end user in multi cloud use cases"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Proposed change"}],"source_content_type":"text/x-rst","patch_set":3,"id":"c6fd8c65_84663adc","line":25,"range":{"start_line":25,"start_character":113,"end_line":25,"end_character":118},"updated":"2026-01-08 15:39:31.000000000","message":"nit:by","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Use Cases"},{"line_number":21,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"- End users are enabled to manage their own keys"},{"line_number":24,"context_line":"- With proper backups in place data can be recovered even if the key is lost at the deployer"},{"line_number":25,"context_line":"- With trust in the deployer to have a proper KeyManager setup in place data can be securely deleted at any time with deleting the key and volumes attached"},{"line_number":26,"context_line":"- Key management can be enabled with the toolset of the end user in multi cloud use cases"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Proposed change"},{"line_number":29,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9cce59d7_870aab59","line":26,"range":{"start_line":22,"start_character":0,"end_line":26,"end_character":89},"updated":"2026-01-08 15:39:31.000000000","message":"Try not to mix full sentences with bullet points. Either make all bullet points full sentences of bullet fragments","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":23,"context_line":"- End users are enabled to manage their own keys"},{"line_number":24,"context_line":"- With proper backups in place data can be recovered even if the key is lost at the deployer"},{"line_number":25,"context_line":"- With trust in the deployer to have a proper KeyManager setup in place data can be securely deleted at any time with deleting the key and volumes attached"},{"line_number":26,"context_line":"- Key management can be enabled with the toolset of the end user in multi cloud use cases"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Proposed change"},{"line_number":29,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7939acd2_75c74add","line":26,"range":{"start_line":26,"start_character":68,"end_line":26,"end_character":79},"updated":"2026-01-08 15:39:31.000000000","message":"nit: multi-cloud","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":28,"context_line":"Proposed change"},{"line_number":29,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"Most peaces are already in place and do not to be changed for that feature to be implemented. The KeyManager implementation holds the key provided by the end user."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- The most visible change is to be able to provide an encryption key ID to create volume."},{"line_number":34,"context_line":"- cinder.volume.volume_utils.clone_encryption_key() must be used to ensure keys can be deleted when the volume is deleted"}],"source_content_type":"text/x-rst","patch_set":3,"id":"6c59679d_b9d04c64","line":31,"range":{"start_line":31,"start_character":43,"end_line":31,"end_character":44},"updated":"2026-01-08 15:39:31.000000000","message":"nit: add \u0027need\u0027","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":28,"context_line":"Proposed change"},{"line_number":29,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"Most peaces are already in place and do not to be changed for that feature to be implemented. The KeyManager implementation holds the key provided by the end user."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- The most visible change is to be able to provide an encryption key ID to create volume."},{"line_number":34,"context_line":"- cinder.volume.volume_utils.clone_encryption_key() must be used to ensure keys can be deleted when the volume is deleted"}],"source_content_type":"text/x-rst","patch_set":3,"id":"d6721028_48776058","line":31,"range":{"start_line":31,"start_character":5,"end_line":31,"end_character":12},"updated":"2026-01-08 15:39:31.000000000","message":"nit: pieces","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":"Most peaces are already in place and do not to be changed for that feature to be implemented. The KeyManager implementation holds the key provided by the end user."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- The most visible change is to be able to provide an encryption key ID to create volume."},{"line_number":34,"context_line":"- cinder.volume.volume_utils.clone_encryption_key() must be used to ensure keys can be deleted when the volume is deleted"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Alternatives"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3ffb0b03_321f4006","line":33,"range":{"start_line":33,"start_character":81,"end_line":33,"end_character":82},"updated":"2026-01-08 15:39:31.000000000","message":"nit: add \u0027a\u0027","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":36,"context_line":"Alternatives"},{"line_number":37,"context_line":"------------"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"The API could be extended to create volumes with given key data. From the developer side difficulties are seen in how keys are managed internally (that\u0027s why clone_encryption_key() is used for snapshot based volumes). From the deployers perspective the KeyManager API is hidden from the end user and maybe for specific implementations logs are less detailed if called internally from Cinder."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Data model impact"},{"line_number":42,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"1e4c5665_1017bef7","line":39,"range":{"start_line":39,"start_character":65,"end_line":39,"end_character":110},"updated":"2026-01-08 15:39:31.000000000","message":"\"From the developer\u0027s perspective\" is better","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":48,"context_line":""},{"line_number":49,"context_line":"- ``/v3/{project_id}/volumes``"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"  * Create a volume: POST"},{"line_number":52,"context_line":"  * Normal http response code(s): 202"},{"line_number":53,"context_line":"  * New optional parameter encryption_key_id indicates which encryption key ID from the KeyManager implementation should be used"},{"line_number":54,"context_line":"  * Maybe a new use of response code 409 may be needed if e.g. a encrypted snapshot volume should be copied with a different key"}],"source_content_type":"text/x-rst","patch_set":3,"id":"5f40c054_1c906f15","line":51,"range":{"start_line":51,"start_character":21,"end_line":51,"end_character":25},"updated":"2026-01-08 15:39:31.000000000","message":"POST request","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":51,"context_line":"  * Create a volume: POST"},{"line_number":52,"context_line":"  * Normal http response code(s): 202"},{"line_number":53,"context_line":"  * New optional parameter encryption_key_id indicates which encryption key ID from the KeyManager implementation should be used"},{"line_number":54,"context_line":"  * Maybe a new use of response code 409 may be needed if e.g. a encrypted snapshot volume should be copied with a different key"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Security impact"},{"line_number":57,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"748efca7_f775e474","line":54,"range":{"start_line":54,"start_character":63,"end_line":54,"end_character":128},"updated":"2026-01-08 15:39:31.000000000","message":"Might be worth explicitly stating why this would be rejected","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":38081,"name":"Anthony Galica","display_name":"agalica","email":"anthony.galica@hitachivantara.com","username":"agalica","status":"Hitachi Vantara"},"change_message_id":"f412d8647659b5b8bd58775e274494cd1b5311e7","unresolved":true,"context_lines":[{"line_number":51,"context_line":"  * Create a volume: POST"},{"line_number":52,"context_line":"  * Normal http response code(s): 202"},{"line_number":53,"context_line":"  * New optional parameter encryption_key_id indicates which encryption key ID from the KeyManager implementation should be used"},{"line_number":54,"context_line":"  * Maybe a new use of response code 409 may be needed if e.g. a encrypted snapshot volume should be copied with a different key"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Security impact"},{"line_number":57,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"09604a22_8981c959","line":54,"updated":"2025-12-05 15:19:12.000000000","message":"Perhaps this is implied, but I\u0027m thinking there should also be 404 (or something) if the key is not found.","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":51,"context_line":"  * Create a volume: POST"},{"line_number":52,"context_line":"  * Normal http response code(s): 202"},{"line_number":53,"context_line":"  * New optional parameter encryption_key_id indicates which encryption key ID from the KeyManager implementation should be used"},{"line_number":54,"context_line":"  * Maybe a new use of response code 409 may be needed if e.g. a encrypted snapshot volume should be copied with a different key"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Security impact"},{"line_number":57,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"991b4085_35a2207d","line":54,"range":{"start_line":54,"start_character":63,"end_line":54,"end_character":65},"updated":"2026-01-08 15:39:31.000000000","message":"nit: an","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":56,"context_line":"Security impact"},{"line_number":57,"context_line":"---------------"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"No direct security impact changes are connected with the proposed change. For the alternative solution sensitive encryption keys are handled by .Create()."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"Active/Active HA impact"},{"line_number":62,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"68d1945a_8e9f05ee","line":59,"range":{"start_line":59,"start_character":38,"end_line":59,"end_character":48},"updated":"2026-01-08 15:39:31.000000000","message":"nit: associated","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":56,"context_line":"Security impact"},{"line_number":57,"context_line":"---------------"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"No direct security impact changes are connected with the proposed change. For the alternative solution sensitive encryption keys are handled by .Create()."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"Active/Active HA impact"},{"line_number":62,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"dae08754_3b196175","line":59,"range":{"start_line":59,"start_character":144,"end_line":59,"end_character":145},"updated":"2026-01-08 15:39:31.000000000","message":"nit: remove period","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":99,"context_line":"Work Items"},{"line_number":100,"context_line":"----------"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"- Update /cinder/volume/api.py to accept an encryption key ID. The encryption key ID should be stored in the configured KeyManager (usually Barbican). Based on feedback of the OpenStack community an alternative would be to provide and store the key right away on create."},{"line_number":103,"context_line":"- clone_encryption_key() of /cinder/volume/volume_utils.py must be used to ensure keys can be deleted when the volume is deleted"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":3,"id":"b4728bcd_359a7721","line":102,"range":{"start_line":102,"start_character":169,"end_line":102,"end_character":172},"updated":"2026-01-08 15:39:31.000000000","message":"nit: from","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"},{"author":{"_account_id":13425,"name":"Simon Dodsley","email":"simon@purestorage.com","username":"sdodsley"},"change_message_id":"eb3e0c1c054e564f74805f397a27658dc183b6b2","unresolved":true,"context_lines":[{"line_number":100,"context_line":"----------"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"- Update /cinder/volume/api.py to accept an encryption key ID. The encryption key ID should be stored in the configured KeyManager (usually Barbican). Based on feedback of the OpenStack community an alternative would be to provide and store the key right away on create."},{"line_number":103,"context_line":"- clone_encryption_key() of /cinder/volume/volume_utils.py must be used to ensure keys can be deleted when the volume is deleted"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"Dependencies"},{"line_number":106,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"54075e64_029b497d","line":103,"range":{"start_line":103,"start_character":28,"end_line":103,"end_character":58},"updated":"2026-01-08 15:39:31.000000000","message":"make this formatted as inline code","commit_id":"13f907abaa7d154cad309b52b27c6474c6f5f933"}]}