US 11,934,322 B1
Multiple encryption keys on storage drives
Ethan L. Miller, Santa Cruz, CA (US); Andrew R. Bernat, Mountain View, CA (US); Ronald Karr, Palo Alto, CA (US); Christopher Golden, Emerald Hills, CA (US); Nicholas George Psaki, Falls Church, VA (US); and David Whitlock, New Orleans, LA (US)
Assigned to PURE STORAGE, INC., Santa Clara, CA (US)
Filed by PURE STORAGE, INC., Mountain View, CA (US)
Filed on Jan. 16, 2019, as Appl. No. 16/249,745.
Claims priority of provisional application 62/653,484, filed on Apr. 5, 2018.
Int. Cl. G06F 12/14 (2006.01); G06F 3/06 (2006.01); G06F 9/54 (2006.01); G06F 21/60 (2013.01)
CPC G06F 12/1408 (2013.01) [G06F 3/061 (2013.01); G06F 3/0659 (2013.01); G06F 3/067 (2013.01); G06F 9/546 (2013.01); G06F 12/1466 (2013.01); G06F 21/602 (2013.01); G06F 2209/548 (2013.01); G06F 2212/1052 (2013.01); G06F 2212/401 (2013.01); G06F 2212/402 (2013.01)]
19 Claims
 
1. A system comprising:
a storage system comprising one or more storage devices; and
a storage controller operatively coupled to the storage system, the storage controller comprising a processing device, the processing device to:
receive first raw data from a first tenant of the storage system to a first input/output (I/O) queue of a plurality of I/O queues in the storage system, wherein the plurality of I/O queues comprise Non-Volatile Memory Express (NVME) I/O queues;
determine that the first I/O queue corresponds to a first key of a plurality of keys, wherein the first key corresponds to the first tenant, wherein each of the plurality of keys corresponds to a respective I/O queue and a respective tenant, and wherein each of the plurality of keys is used to encrypt data in the respective I/O queue received from the respective tenant;
encrypt the first raw data using the first key to generate first encrypted data;
store the first encrypted data on the storage system, the first encrypted data stored in a same volume as other encrypted data associated with other tenants and other keys;
receive a request, from the first tenant, to read the first encrypted data from the storage system via the first I/O queue;
determine that the first I/O queue corresponds to the first key, wherein the first key corresponds to the first tenant; and
provide first decrypted data to the first tenant via the first I/O queue, wherein the first decrypted data is decrypted using the first key.
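
The data path recited in claim 1, modeled as an added illustration (not code from the patent or from Pure Storage): the key is selected by I/O queue, and blocks from different tenants sit in one shared volume. The class and function names, the HMAC-based stand-in cipher, and the integrity tag that makes a cross-queue read fail visibly are all assumptions of this sketch; the claim recites only encrypting and decrypting with the queue's key.

```python
import hashlib, hmac, os

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, standard library only.
    # A real controller would use a vetted mode such as AES-XTS or AES-GCM.
    blocks = len(data) // 32 + 1
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

class Controller:
    def __init__(self):
        self.queue_key = {}  # I/O queue id -> key of the tenant bound to that queue
        self.volume = {}     # block address -> (nonce, ciphertext, tag); one volume, all tenants

    def bind(self, queue_id):
        self.queue_key[queue_id] = os.urandom(32)

    def write(self, queue_id, addr, raw):
        key = self.queue_key[queue_id]  # key chosen by queue, not by request contents
        nonce = os.urandom(16)
        ct = _xor_stream(_prf(key, b"enc"), nonce, raw)
        tag = _prf(_prf(key, b"mac"), addr.to_bytes(8, "big") + nonce + ct)
        self.volume[addr] = (nonce, ct, tag)

    def read(self, queue_id, addr):
        key = self.queue_key[queue_id]
        nonce, ct, tag = self.volume[addr]
        expect = _prf(_prf(key, b"mac"), addr.to_bytes(8, "big") + nonce + ct)
        if not hmac.compare_digest(tag, expect):  # tag check is this sketch's addition
            raise PermissionError("block was not written under this queue's key")
        return _xor_stream(_prf(key, b"enc"), nonce, ct)

def demo():
    c = Controller()
    c.bind(1)  # queue 1 -> tenant A (constructed sample)
    c.bind(2)  # queue 2 -> tenant B (constructed sample)
    c.write(1, 0, b"tenant A payroll")
    c.write(2, 1, b"tenant B designs")
    own = c.read(1, 0)  # tenant A reads back through its own queue
    try:
        c.read(2, 0)    # same block requested through tenant B's queue
        cross = "readable"
    except PermissionError:
        cross = "rejected"
    return own, cross, b"tenant A payroll" in c.volume[0][1]
```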