Hi,
inspecting backups and restoring singe files is possible using the WebUI in PVE by navigating to the PBS storage > Backup > selecting backup > File Restore. For cli you can use the proxmox-file-restore, see https://pbs.proxmox.com/docs/command-syntax.html#proxmox-file-restore
This is already possible: You can inspect backups also from the PBS itself, just select the datastore, got to the contents tab and for the corresponding snapshot select the archive/disk you want to inspect. This however only works if the backups are not encrypted, as the encryption key is client side, so the server cannot decrypt the contents.can this be added to PBS ?
i am surprise i didnt found this option in PBS ..!
This however only works if the backups are not encrypted, as the encryption key is client side, so the server cannot decrypt the contents.
But you can already do the single file restore from the WebUI on the PVE host itself (also for encrypted backups, the key being stored on PVE side). So not sure what to gain from this. The server should not be able to decrypt encrypted backups (although passing in the key temporarily would be possible, not sure however if we want to support such a feature). What would be the use case for this?Just an idea: would it be possible to enter the encryption key temporarily for the wanted access to an encrypted backup? Session-only, the key should get deleted from ram when I close my browser.
Should I open a feature request on bugzilla for this, or is it not realistic? Or in development already? ;-)
Fetching a single file from a backup is really inconvenient via cli compared to the nice Web UI.
Good point!But you can already do the single file restore from the WebUI on the PVE host itself (also for encrypted backups, the key being stored on PVE side)
Maybe if I have only one PVE and that hardware died... and I do not like the command line. Okay, far fetched ;-)What would be the use case for this?
Yeah, there might be some use cases where this could be handy, so feel free to open a bug report. Than we can evaluate further if allowing to pass a in-memory only key for decryption for encrypted snapshots might be feasible and what the security implications are.Good point!
I have no current case, but I occasionally tried to download a (single) file from PBS. Realizing it is encrypted I went the CLI-way...
Sidenode: I am not the Thread starter, I just hijacked it with my not-so-helpful idea...
Maybe if I have only one PVE and that hardware died... and I do not like the command line. Okay, far fetched ;-)