encryption

  1. Backup encryption

    I have seen that in Proxmox Backup there is an option to encrypt the backups. In Proxmox itself I couldn't find a way to protect the containers and VMs. LXCs are directories; if someone gets the backup it's easy to get all data stored in the backup archive. Is there a hidden option in Proxmox...
  2. [SOLVED] re-encrypt backups

    Good day, I have a case where the encryption keys had been compromised (failed partnership), and there are a specific set of backups I'd like to re-encrypt with a new encryption key, i.e. decrypt the current backup sets, and re-write them with a new backup encryption key. Q1: That is not an...
  3. File server recommendation

    Hello! I've never had a file server, but now I think I need to have one as a PVE guest, a very basic one. I'd like something simple and easy, with a GUI. Its only purpose will be to store some simple data of a few VMs and containers. I would go for the Turnkey file server LXC container but I...
  4. Encrypted ZFS datasets empty after manual mount

    Hello! I am struggling with a quite weird problem imho. Running Proxmox 7.4.1 (without subscription) without any issues for a long time until recently the SATA controller card locked up and I had to do a hard shutdown. Connected the 4 harddrives to the internal ports and booted up. The pool...
  5. PVE limitations with encrypted ZFS datasets

    Hi all, I recently stumbled when trying to migrate a VM from a node with an encrypted ZFS dataset to a node without encryption: ``` cannot send nvmepool/vm-310-disk-0@__migration__: encrypted dataset nvmepool/vm-310-disk-0 may not be sent with properties without the raw flag ``` It's not a...
  6. Encryption in Transit

    Hello, I have a couple questions about a Proxmox Virtual Environment (PVE) connected to a Proxmox Backup Server (PBS). If the following setting is set to "Do not encrypt backups"... Then... 1) Is the data that is sent from PVE to PBS still encrypted in Transit? If yes to 1... 2) Has...
  7. Mounting encrypted ZFS dataset on boot

    I have an encrypted dataset which contains resources Proxmox needs (e.g. VM storage). The passphrase is in /etc/zfs/datasetname.phrase and that path is stored in zfs keylocation. It gets properly mounted when I zfs mount -a -l without me needing to enter the passphrase. This is not the boot...
  8. Backups are not being encrypted via backup-client-script

    Hello, we have a script that we set up to use the backup-client on external servers, which simply calls the backup-client, exports the encryption key and password, and then selects the directories we want to back up. This script works fine on all of our servers except one server. The backups do...
  9. [SOLVED] Recommend way for encryption

    I am going to install PVE at my office. For the security policy of my office, I have to encrypt all disks. I have experience of PVE installation at my homelab without encryption, FYI. At first, I thought I can utilize zfs encryption but I am hesitating after I have read this...
  10. Replication of encrypted zvols

    Hi all, I'm running proxmox 8.2.2 on encrypted ZFS, basically as described at https://privsec.dev/posts/linux/using-native-zfs-encryption-with-proxmox/. I know this isn't supported, but it works fine, except for zvol replication. Replication wants to preserve properties, and sending an...
  11. Issues using pvse

    Hello, I am having some issues. I have several nodes in a cluster that I want local encrypted ZFS pools for storage, but I can't add the pools using the same name on different Proxmox nodes, so I can't easily migrate between encrypted ZFS pools. Steps to reproduce: #1. Create the base disk in the...
  12. Encryption light on tape drive lit?

    I just noticed when running a backup, the hardware Encryption light was lit on my drive for one of my tapes. This tape has been used without hardware encryption in the past. Has PBS made a change to the way encryption is implemented, now using the hardware encryption by default? Has PBS just...
  13. Encrypting a single LXC container on LVM?

    Hey there, I'm currently trying to figure out if it's possible to encrypt a single (privileged, if that matters at all) LXC container on an unencrypted LVM-VG (currently lvm-thin)? I've got the data for that container encrypted via ZFS encryption, but unfortunately I only have ZFS on HDD and...
  14. de-duplication with encryption inside vm

    Hello, I was hoping to get some clarity about backups and encryption from inside a VM. If I encrypt a Debian VM with LUKS on LVM, will this interfere with Proxmox Backup Server de-duplication, pruning, etc.? To clarify, the encryption is not happening in Proxmox, but within the VM. Any other...
  15. [SOLVED] Slow ZFS encryption: will we get a fix for AVX/AVX2 not being selected?

    There is an ongoing discussion about slow encrypted ZFS performance, e.g. here: https://github.com/openzfs/zfs/issues/15245 and here: https://github.com/openzfs/zfs/issues/15276 Obviously this is due to a regression introduced in kernel 5.15.0-82 and discussed here...
  16. Ceph RBD image encryption

    Hi There!, Has anyone used or had the experience of activating Ceph's RBD image encryption? RBD Image encryption What I want is to have encrypted disks of some VMs. OSD encryption doesn't solve this case, as it doesn't protect against an attacker gaining access to the host. I also had a look...
  17. Need help installing Proxmox with automatic decryption and multiple drives

    I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure. # My desired setup...
  18. ZFS vs. directory storage for containers

    Hi, I'm running a small PVE cluster of two nodes. Both have an encrypted ZFS dataset set up for container storage, using native ZFS encryption. This prevents migrating the containers from one node to another (https://bugzilla.proxmox.com/show_bug.cgi?id=2350). However, if I create a directory...
  19. [SOLVED] Prune & GC & Verify on encrypted Backups and are the Backups still incremental

    Hello, I want to store the backups of my PVE encrypted on my PBS. I am now wondering whether the pbs can still run a prune/verify/gc on the backups, since the pbs does not have an encryption key? My second question is whether the backups are still incremental at all?
  20. Zfs native encryption: difference in snapshots mounted vs unmounted?

    Since a while one of my pve hosts runs a zfs dataset with native encryption and did not have any issues so far. I've not implemented automatic loading of the key for the encrypted dataset so if the host is booted I will have to supply it myself. Now I was testing snapshots on this dataset and...