encryption

Hello, I have a bunch of questions about setting up storage in a recommended/safest way. My end goal is that I have a NAS with a few storage "buckets" that I can mount/share into other vm's or externally via samba, nfs, etc. The tricky thing is, I want all(or some) of the storage to be...

Hello everyone! I am currently setting up offsite backups to a PBS instance I don't own, so I want to use client side encryption. My PVE runs on an encrypted ZFS root that it also uses for VM disks. Since ZFS supports exporting raw encrypted datasets without the key (i.e. zfs send -w), I was...

Hello everyone, I just discovered something really odd regarding the encrypted backups to pbs and I wanted to share. I have setup my encrypted backup to a locally hosted pbs instance. The encryption key is stored in client at etc/pve/priv/storage/<STORAGE-ID>.enc. If you remove this file...

Hello all, I have seen an understand the benefits of setting up a base image/template with Cloud-Init, so similar VMs can very easily be setup when needed. My question is... can these Cloud-Init template/images can be setup with LUKS encryption without losing any features? Will it still be able...

The documentation talks about enabling encrypted snapshots when using Proxmox Backup Server, but doesn't mention enabling encryption for backup up elsewhere (for example, to a SMB server). Is there any way to enable encryption on all snapshots? I'm hoping to use the web interface to set up...

Hi, i got 2 questions to properly secure my data. The setup is one server running PVE an another server running PBS. All on premise. The VMs are stored on thin-provisioned LVMs that are encrypted using LUKS. The key is stored on a hardware token. I am really happy with that. Works great and...

Hi If I create an encrypted ceph cluster, are encryption keys stored in /etc/pve/priv/ or /var/lib/ceph/mon?

Hello I'm deploying a Proxmox/ceph cluster consisting of 3 physical nodes. I'd like to encrypt the whole ceph storage. I know there is an 'Encrypt' checkbox when creating OSDs, but it encrypts/decrypts automatically as needed and only protects when a system is off/disk taken out of the node...

Hi. One quick question. Is it a safe practice to passthrough LUKS encrypted disk to VM by pointing to /dev/mapper/ mounted disk ? I know VM can handle the whole encryption thing, but I have special needs :) Thanks in advance

Hello all, Quick question… does anyone know if it’s possible to use PBS to backup to VeraCrypt encrypted volumes? If so, how would PBS unlock them? Also same question regarding WD encrypted external drives… Thanks, Whit

Hi All, As I am new to proxmox, zfs and fio, and before sharing any results, I wanted to confirm that I am doing it right (ie. I am testing the right things and in the right way)! I created a ZFS mirror pool over 2 HDDs for vms only (the proxmox host is on another ZFS pool of SSDs). I...

Hi all, I would like to mount an encrypted disk in my proxmox installation and supply the VMs with data using NFS and Samba. Can proxmox somehow handle encrypted disks (maybe via a GUI), or do I have to manually map and mount the device via cryptsetup?

Hey all, this may be a silly or obvious question but I’m fairly new around here (relatively speaking) so here goes… I am looking to have my HDDs encrypted so that all data cannot be easily accessed if the drives are pulled out of my server. I have the following configuration: |Server |-HDD1...

Hello, I have a ZFS data raid that I use as a data disk for my VMs. My question is: does ZFS encrypt data by default? Do I have to enable Bitlocker style encryption on my Windows VMs or does ZFS natively encrypt the data? thanks

Hi, als Proxmox und ZFS-Einsteiger stehe ich noch vor einem Thema, bei dem ich mich nicht entscheiden kann: Soll ich meine ZFS-Pools verschlüsseln oder mache ich es mir damit unnötig kompliziert? :confused: Ich möchte den Server definitiv ohne Benutzerinteraktion und ohne Abhängigkeit zu einem...

I created a VM and installed Debian with LVM LUKS partition and booted into it with no problems. I then installed Proxmox over this as per wiki and booted into it with no problems BUT I cannot connect to the web interface. Proxmox is working and I can access the console. What am I doing wrong?

I'm using ZFS encryption on some LXC subvol storage, but found that proxmox replication does not natively support them. A single option needs to be added here ...

If I understand correct it is not possible to encrypt an existing dataset? What other options are there to change a vm on an unencrypted dataset to encrypted? Is it possible to create an encrypted dataset and copy the vm disk - without down time? Maybe by using snapshots?

Hello, I am setting up a Proxmox cluster with 3 servers, and 1 shared iSCSI storage. It seems that I can only access this storage in iscsi mode (I asked a question about this at https://forum.proxmox.com/threads/zfs-via-iscsi.74843/post-378849) With this setup, what are my options for VM...

Hi, I have configured a Proxmox Backup Server and added the storage inside the PVE GUI (Datacenter > Storage > Add > Proxmox Backup Server). I also enabled encryption from within the PVE GUI and used the GUI to create a new key. What kind of encryption will this create? The key was only 44...