Backups are suddenly encrypted after manually adding encryption key to PVE

[Sempiterna]

I wanted to restore an encrypted backup on one of my PVE servers, so I manually (via the command line) added the encryption key to the server in /etc/pve/priv/storage/ . I double checked to see if the GUI still shows "Do not encrypt backups" for this specific PBS storage, which it did.

However, I just noticed today that new backups which are created on this server are now encrypted (the backup tree is showing "mixed" for encrypted). Is that how it should be?

 

[Stefan_R]

That's how it currently works yes, we encrypt backups if a key exists in /etc/pve, otherwise we don't. The GUI on the other hand takes it's information from the storage.cfg, also in /etc/pve.

To ensure consistency, you should use either the GUI or the 'pvesm' tool to manage encryption keys (see 'man pvesm', search 'encryption' or our documentation).

 

[Sempiterna]

Ah, ok. So if i want to restore an encrypted VM or CT on a PVE which creates unencrypted backups, I should attach the same storage to the PVE, but with a different name so that they don't mix up?

 

[Stefan_R]

Ideally you would have two different datastores for that, but your solution should work too, yes.