Browsing host encrypted archive?

F

Fred Saunier

Well-Known Member
Aug 24, 2017
55
2
48
Brussels, BE
Hi,

Browsing host archive is easy as clicking the Browse icon in the GUI. However, that icon is only accessible when the archive is created with no encryption. Is there any way to browse an encrypted archive from the browser, providing it with the backup.key one way or the other?
 
Fred Saunier said:
Is there any way to browse an encrypted archive from the browser, providing it with the backup.key one way or the other?
Click to expand...

only the client can access the content of encrypted backups since the server does not have the key, however, from proxmox-backup-client tool with catalog shell flag but don't forget the .enc file with the flag --keyfile for example list the storage backups:

Bash: 
proxmox-backup-client snapshots --repository PBSIP:DATASTORAGE

shell interact

Bash: 
proxmox-backup-client catalog shell host/PBSHOST/SNAPSHOT  disk.pxar --repository PBSIP:DATASTORAGE --keyfile /home/USER/PBS.enc


https://pbs.proxmox.com/docs/backup-client.html?highlight=pxarexclude#interactive-restores
 
a browser on the PVE side (where the key is available) is on our todo list as well, FWIW.
 
  • Like
Reactions: Moayad
A way to put the key from a server backup (proxmox-backup-client backup ... --keyfile ... --repository ...) on the backup server into the GUI or somewhere else would be very nice to be able to browse also encrypted backups. Is that realistic to hope?
 
the PVE side can already do that (if the PBS storage is configured with the matching key of course ;)) - technically it would be possible to do that on the PBS side as well, but the whole idea of encrypting the backups is so that you don't have to trust the PBS server with the plain data, if you give it the key, then you might as well store unencrypted backups in the first place? also a datastore can contain backups encrypted for many keys, so it's not quote as straight-forward as on the client side..
 
fabian said:
the PVE side can already do that (if the PBS storage is configured with the matching key of course ;)) - technically it would be possible to do that on the PBS side as well, but the whole idea of encrypting the backups is so that you don't have to trust the PBS server with the plain data, if you give it the key, then you might as well store unencrypted backups in the first place? also a datastore can contain backups encrypted for many keys, so it's not quote as straight-forward as on the client side..
Click to expand...
True.

> the PVE side can already do that (if the PBS storage is configured with the matching key of course ;))

Just out of curiosity - where would you do that?
 
you setup a PBS storage with encryption, and then any backups made to it by PVE will use that key, and browsing/restoring will do the same.
 
You must log in or register to reply here.
Top Bottom