From trilug at trilug.org Tue Aug 12 10:24:16 2025
From: trilug at trilug.org (Cristóbal Palmer via TriLUG)
Date: Tue, 12 Aug 2025 10:24:16 -0400
Subject: [TriLUG] F/LOSS KMS package or virtual appliance?
Message-ID: <6ccb6a37-2614-44f2-823f-f21a444119fd@app.fastmail.com>

Greetings!

If you have any experience deploying a KMS to support encryption of virtual machine disk images, especially if the KMS you deployed...

* Is a F/LOSS project
* Is deployed in some form of HA configuration (e.g. there are two KMS machines or VMs acting as a failover pair)
* Is part of infrastructure that you had to certify under a NIST 800-171 SSP or another compliance regime involving audits

... I would love to hear from you. I'm happy to take suggestions off-list and report back for those not comfortable posting publicly, but I'd be over the moon if y'all could just share what you know directly to the list.

My research so far has raised more red flags than I would like, so I'm really hoping one or more of you has something you'd like to contribute.

Warmly,
CMP

From trilug at trilug.org Tue Aug 12 10:54:49 2025
From: trilug at trilug.org (William Sutton via TriLUG)
Date: Tue, 12 Aug 2025 10:54:49 -0400 (EDT)
Subject: [TriLUG] F/LOSS KMS package or virtual appliance?
In-Reply-To: <6ccb6a37-2614-44f2-823f-f21a444119fd@app.fastmail.com>
References: <6ccb6a37-2614-44f2-823f-f21a444119fd@app.fastmail.com>
Message-ID:

Maybe someone will have something useful to assist. The only set of KMS machines (virtual appliances) I deployed were Quantum key management appliances for backups. They're proprietary, and it's been 4-5 years since I did it. (e.g., I'm adding one more negative result to your search).

William Sutton

On Tue, 12 Aug 2025, Cristóbal Palmer via TriLUG wrote:

> Greetings!
>
> If you have any experience deploying a KMS to support encryption of virtual machine disk images, especially if the KMS you deployed...
>
> * Is a F/LOSS project
> * Is deployed in some form of HA configuration (e.g. there are two KMS machines or VMs acting as a failover pair)
> * Is part of infrastructure that you had to certify under a NIST 800-171 SSP or another compliance regime involving audits
>
> ... I would love to hear from you. I'm happy to take suggestions off-list and report back for those not comfortable posting publicly, but I'd be over the moon if y'all could just share what you know directly to the list.
>
> My research so far has raised more red flags than I would like, so I'm really hoping one or more of you has something you'd like to contribute.
>
> Warmly,
> CMP
> --
> This message was sent to: William
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : https://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web : https://www.trilug.org/mailman/options/trilug/william%40trilug.org
> Welcome to TriLUG: https://trilug.org/welcome