encryption

Hi all, I recently stumbled when trying to migrate a VM from a node with an encrypted ZFS dataset to a node without encryption: ``` cannot send nvmepool/vm-310-disk-0@__migration__: encrypted dataset nvmepool/vm-310-disk-0 may not be sent with properties without the raw flag ``` It's not a...

Hello, I have a couple questions about a Proxmox Virtual Environment (PVE) connected to a Proxmox Backup Server (PBS). If the following setting is set to "Do not encrypt backups"... Then... 1) Is the data that is sent from PVE to PBS still encrypted in Transit? If yes to 1... 2) Has...

I have an encrypted dataset which contains resources Proxmox needs (e.g. vm storage). The passphrase is in /etc/zfs/datasetname.phrase and that path is stored in zfs keylocation It gets properly mounted when I zfs mount -a -l without me needing to enter the passphrase. This is not the boot...

Hello, we have a script that we setup to use the backup-client on a external servers which simply calls the backup-client exports the encryption key and password and then selects the diretories we want to backup. This script works fine on all of our servers except one server. The backups do...

I am going to install PVE at my office. For the security policy of my office, I have to encrypt all disks. I have experience of PVE installation at my homelab without encryption, FYI. At first, I thought I can utilize zfs encryption but I am hesitating after I have read this...

Hi all, I'm running proxmox 8.2.2 on encrypted ZFS, basically as described at https://privsec.dev/posts/linux/using-native-zfs-encryption-with-proxmox/. I know this isn't supported, but it works fine, except for zvol replication. Replication wants to preserve properties, and sending an...

Hello I am having some issues. I have several nodes in a cluster that I want local encrypted zfs pools for storage but I can't add the pools using the same name on different proxmox nodes, so I can't easily migrate between encryped zfs pools. Steps to reproduce: #1. Create the base disk in the...

I just noticed when running a backup, the hardware Encryption light was lit on my drive for one of my tapes. This tape has been used without hardware encryption in the past. Has PBS made a change to the way encryption is implemented, now using the hardware encryption by default? Has PBS just...

Hey there, i'm currently trying to figure out if it's possible to encrypt a single (privileged, if that matters at all) LXC container on an unencrypted LVM-VG (currently lvm-thin)? I've got the data for that container encrypted via ZFS encryption, but unfortunately i only have ZFS on HDD and...

Hello, I was hoping to get some clarity about backups and encryption from inside a vm. If I encrypt a debian vm with luks on lvm, will this interfere with proxmox backup server de-duplication, pruning, etc? To clarify, the encryption in not happening in proxmox, but within the vm. Any other...

There is an ongoing discussion about slow encrypted ZFS performance, e.g. here: https://github.com/openzfs/zfs/issues/15245 and here: https://github.com/openzfs/zfs/issues/15276 Obviously this is due to a regression introduced in kernel 5.15.0-82 and discussed here...

Hi There!, Has anyone used or had the experience of activating Ceph's RBD image encryption? RBD Image encryption What I want is to have encrypted disks of some VMs. OSD encryption doesn't solve this case, as it doesn't protect against an attacker gaining access to the host. I also had a look...

I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure. # My desired setup...

Hi, I'm running a small PVE cluster of two nodes. Both have an encrypted ZFS dataset set up for container storage, using native ZFS encryption. This prevents migrating the containers from one node to another (https://bugzilla.proxmox.com/show_bug.cgi?id=2350). However, if I create a directory...

Hello, I want to store the backups of my PVE encrypted on my PBS. I am now wondering whether the pbs can still run a prune/verify/gc on the backups, since the pbs does not have an encryption key? My second question is whether the backups are still incremental at all?

Since a while one of my pve hosts runs a zfs dataset with native encryption and did not have any issues so far. I've not implemented automatic loading of the key for the encrypted dataset so if the host is booted I will have to supply it myself. Now I was testing snapshots on this dataset and...

I'm looking at using a low powered QDEVICE as my third NODE in a 2 node cluster. I don't have a local connection between the nodes or the qdevice, so I'll be relying on the WAN. Is corosync traffic encrypted, or should I consider protecting it in some way ie a VPN or other tunneling technique?

Hello Proxmox Community, I'm just trying to mount my SMB/CIFS Storage for my backups. For this I rent a Storage Box at Hetzner, they offer SAMBA/CIFS and more but SMB is the only method Proxmox supports of them. At the bottom of the page...

Hello all I'm quite new on PVE but have so far played around with 2 thin clients on driffrent vlans running a few VMs each, mostly linux dist, HASS, and a few LXC. So I have some grasp on how to find my way around. But google and the forum have failed me on this, for me, pretty important...

Hi, Right now I'm writing a tutorial on how to best setup an encrypted PVE node. But the question is now how to best set up the encrypted swap? As far as I see there are 3 options and none of them is really great: Option 1.) Just a LUKS encrypted swap partition on a single disk. Not that...