encryption

I'm looking at using a low powered QDEVICE as my third NODE in a 2 node cluster. I don't have a local connection between the nodes or the qdevice, so I'll be relying on the WAN. Is corosync traffic encrypted, or should I consider protecting it in some way ie a VPN or other tunneling technique?

Hello Proxmox Community, I'm just trying to mount my SMB/CIFS Storage for my backups. For this I rent a Storage Box at Hetzner, they offer SAMBA/CIFS and more but SMB is the only method Proxmox supports of them. At the bottom of the page...

Hello all I'm quite new on PVE but have so far played around with 2 thin clients on driffrent vlans running a few VMs each, mostly linux dist, HASS, and a few LXC. So I have some grasp on how to find my way around. But google and the forum have failed me on this, for me, pretty important...

Hi, Right now I'm writing a tutorial on how to best setup an encrypted PVE node. But the question is now how to best set up the encrypted swap? As far as I see there are 3 options and none of them is really great: Option 1.) Just a LUKS encrypted swap partition on a single disk. Not that...

Hello, I have a bunch of questions about setting up storage in a recommended/safest way. My end goal is that I have a NAS with a few storage "buckets" that I can mount/share into other vm's or externally via samba, nfs, etc. The tricky thing is, I want all(or some) of the storage to be...

Hello everyone! I am currently setting up offsite backups to a PBS instance I don't own, so I want to use client side encryption. My PVE runs on an encrypted ZFS root that it also uses for VM disks. Since ZFS supports exporting raw encrypted datasets without the key (i.e. zfs send -w), I was...

Hello everyone, I just discovered something really odd regarding the encrypted backups to pbs and I wanted to share. I have setup my encrypted backup to a locally hosted pbs instance. The encryption key is stored in client at etc/pve/priv/storage/<STORAGE-ID>.enc. If you remove this file...

Hello all, I have seen an understand the benefits of setting up a base image/template with Cloud-Init, so similar VMs can very easily be setup when needed. My question is... can these Cloud-Init template/images can be setup with LUKS encryption without losing any features? Will it still be able...

The documentation talks about enabling encrypted snapshots when using Proxmox Backup Server, but doesn't mention enabling encryption for backup up elsewhere (for example, to a SMB server). Is there any way to enable encryption on all snapshots? I'm hoping to use the web interface to set up...

Hi, i got 2 questions to properly secure my data. The setup is one server running PVE an another server running PBS. All on premise. The VMs are stored on thin-provisioned LVMs that are encrypted using LUKS. The key is stored on a hardware token. I am really happy with that. Works great and...

Hi If I create an encrypted ceph cluster, are encryption keys stored in /etc/pve/priv/ or /var/lib/ceph/mon?

Hello I'm deploying a Proxmox/ceph cluster consisting of 3 physical nodes. I'd like to encrypt the whole ceph storage. I know there is an 'Encrypt' checkbox when creating OSDs, but it encrypts/decrypts automatically as needed and only protects when a system is off/disk taken out of the node...

Hi. One quick question. Is it a safe practice to passthrough LUKS encrypted disk to VM by pointing to /dev/mapper/ mounted disk ? I know VM can handle the whole encryption thing, but I have special needs :) Thanks in advance

Hello all, Quick question… does anyone know if it’s possible to use PBS to backup to VeraCrypt encrypted volumes? If so, how would PBS unlock them? Also same question regarding WD encrypted external drives… Thanks, Whit

Hi All, As I am new to proxmox, zfs and fio, and before sharing any results, I wanted to confirm that I am doing it right (ie. I am testing the right things and in the right way)! I created a ZFS mirror pool over 2 HDDs for vms only (the proxmox host is on another ZFS pool of SSDs). I...

Hi all, I would like to mount an encrypted disk in my proxmox installation and supply the VMs with data using NFS and Samba. Can proxmox somehow handle encrypted disks (maybe via a GUI), or do I have to manually map and mount the device via cryptsetup?

Hey all, this may be a silly or obvious question but I’m fairly new around here (relatively speaking) so here goes… I am looking to have my HDDs encrypted so that all data cannot be easily accessed if the drives are pulled out of my server. I have the following configuration: |Server |-HDD1...

Hello, I have a ZFS data raid that I use as a data disk for my VMs. My question is: does ZFS encrypt data by default? Do I have to enable Bitlocker style encryption on my Windows VMs or does ZFS natively encrypt the data? thanks

Hi, als Proxmox und ZFS-Einsteiger stehe ich noch vor einem Thema, bei dem ich mich nicht entscheiden kann: Soll ich meine ZFS-Pools verschlüsseln oder mache ich es mir damit unnötig kompliziert? :confused: Ich möchte den Server definitiv ohne Benutzerinteraktion und ohne Abhängigkeit zu einem...

I created a VM and installed Debian with LVM LUKS partition and booted into it with no problems. I then installed Proxmox over this as per wiki and booted into it with no problems BUT I cannot connect to the web interface. Proxmox is working and I can access the console. What am I doing wrong?