Backup encryption

[Clericer]

I have seen that in Proxmox Backup is an option to encrypt the backups.
In proxmox itself i couldn't find a way to protect the containers and vms.
LXCs are directorys if somone gets the backup it's easy to get all data stored in the backup archive.
Is there a hidden option in Proxmox scheduled backup job to enable encryption with key or password?
Is something like this planed if its not already included?

 

[VictorSTS]

The traditional backup (vzdump to a file) is just a bit copy of whatever is in the source. Three options come to my mind atm:

• Encrypt the VM / CT if possible.
• Use LUKS or ZFS encryption in the storage (disk, NFS, etc) used as destination of the backups. You will have to somehow type the password to decrypt the storage so it can be used by PVE.
• Implement Proxmox Backup Server and make use of it's advantages.

As always, protect your backups as much as possible from undesired access.

 

[Clericer]

That are great tips thank you VictorSTS. I wil give it a try maybe i will run a script which encrypt the backup container when there is a new backup via cron.
But an included solution would be great.

 

[Daniel_Dog]

Personally I also upload the backups to cloud storage so that if anything happens to it I can still get the VM back from cloud backup.
I did it with rclone since rclone is easy to use and supports encrypt/decrypt storage on the fly and out of the box.

I have not tested this myself but I think it is also possible to setup a local remote and then add encyption to the local remote. The only thing left is to make script to upload it to the local encrypt location.

If you want a close to plug and play you may want to look at my implementation:
https://github.com/Daniel-Dog-dev/p...es/Proxmox-VE/custom-scripts/backup_upload.sh (Use at your own risk.)