encryption

I am going to install PVE at my office. For the security policy of my office, I have to encrypt all disks. I have experience of PVE installation at my homelab without encryption, FYI. At first, I thought I can utilize zfs encryption but I am hesitating after I have read this...

Hi all, I'm running proxmox 8.2.2 on encrypted ZFS, basically as described at https://privsec.dev/posts/linux/using-native-zfs-encryption-with-proxmox/. I know this isn't supported, but it works fine, except for zvol replication. Replication wants to preserve properties, and sending an...

Hello I am having some issues. I have several nodes in a cluster that I want local encrypted zfs pools for storage but I can't add the pools using the same name on different proxmox nodes, so I can't easily migrate between encryped zfs pools. Steps to reproduce: #1. Create the base disk in the...

I just noticed when running a backup, the hardware Encryption light was lit on my drive for one of my tapes. This tape has been used without hardware encryption in the past. Has PBS made a change to the way encryption is implemented, now using the hardware encryption by default? Has PBS just...

Hey there, i'm currently trying to figure out if it's possible to encrypt a single (privileged, if that matters at all) LXC container on an unencrypted LVM-VG (currently lvm-thin)? I've got the data for that container encrypted via ZFS encryption, but unfortunately i only have ZFS on HDD and...

Hello, I was hoping to get some clarity about backups and encryption from inside a vm. If I encrypt a debian vm with luks on lvm, will this interfere with proxmox backup server de-duplication, pruning, etc? To clarify, the encryption in not happening in proxmox, but within the vm. Any other...

There is an ongoing discussion about slow encrypted ZFS performance, e.g. here: https://github.com/openzfs/zfs/issues/15245 and here: https://github.com/openzfs/zfs/issues/15276 Obviously this is due to a regression introduced in kernel 5.15.0-82 and discussed here...

Hi There!, Has anyone used or had the experience of activating Ceph's RBD image encryption? RBD Image encryption What I want is to have encrypted disks of some VMs. OSD encryption doesn't solve this case, as it doesn't protect against an attacker gaining access to the host. I also had a look...

I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data, I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure. # My desired setup...

Hi, I'm running a small PVE cluster of two nodes. Both have an encrypted ZFS dataset set up for container storage, using native ZFS encryption. This prevents migrating the containers from one node to another (https://bugzilla.proxmox.com/show_bug.cgi?id=2350). However, if I create a directory...

Hello, I want to store the backups of my PVE encrypted on my PBS. I am now wondering whether the pbs can still run a prune/verify/gc on the backups, since the pbs does not have an encryption key? My second question is whether the backups are still incremental at all?

Since a while one of my pve hosts runs a zfs dataset with native encryption and did not have any issues so far. I've not implemented automatic loading of the key for the encrypted dataset so if the host is booted I will have to supply it myself. Now I was testing snapshots on this dataset and...

I'm looking at using a low powered QDEVICE as my third NODE in a 2 node cluster. I don't have a local connection between the nodes or the qdevice, so I'll be relying on the WAN. Is corosync traffic encrypted, or should I consider protecting it in some way ie a VPN or other tunneling technique?

Hello Proxmox Community, I'm just trying to mount my SMB/CIFS Storage for my backups. For this I rent a Storage Box at Hetzner, they offer SAMBA/CIFS and more but SMB is the only method Proxmox supports of them. At the bottom of the page...

Hello all I'm quite new on PVE but have so far played around with 2 thin clients on driffrent vlans running a few VMs each, mostly linux dist, HASS, and a few LXC. So I have some grasp on how to find my way around. But google and the forum have failed me on this, for me, pretty important...

Hi, Right now I'm writing a tutorial on how to best setup an encrypted PVE node. But the question is now how to best set up the encrypted swap? As far as I see there are 3 options and none of them is really great: Option 1.) Just a LUKS encrypted swap partition on a single disk. Not that...

Hello, I have a bunch of questions about setting up storage in a recommended/safest way. My end goal is that I have a NAS with a few storage "buckets" that I can mount/share into other vm's or externally via samba, nfs, etc. The tricky thing is, I want all(or some) of the storage to be...

Hello everyone! I am currently setting up offsite backups to a PBS instance I don't own, so I want to use client side encryption. My PVE runs on an encrypted ZFS root that it also uses for VM disks. Since ZFS supports exporting raw encrypted datasets without the key (i.e. zfs send -w), I was...

Hello everyone, I just discovered something really odd regarding the encrypted backups to pbs and I wanted to share. I have setup my encrypted backup to a locally hosted pbs instance. The encryption key is stored in client at etc/pve/priv/storage/<STORAGE-ID>.enc. If you remove this file...

Hello all, I have seen an understand the benefits of setting up a base image/template with Cloud-Init, so similar VMs can very easily be setup when needed. My question is... can these Cloud-Init template/images can be setup with LUKS encryption without losing any features? Will it still be able...