Well, I'd argue that using ZFS features it the "native Proxmox way" But either way ...
There are a couple options:
Full disk encryption using LUKS. There are ways to do it, but that's probably a little overkill for regular use cases.
Guest-side encryption - for example, setting up LUKS inside your virtual host directly. This means you must ensure that secrets are never leaked in any way.
Secrets (like passphrases and keys) are stored in RAM once they have been used, which means you should never do or allow anything that could write the VM's RAM to disk. (E.g. suspend to disk ("hibernate"), turning on swap!). This would make it theoretically possible to read your passphrase or key from a swapfile or similar. Also, no snapshots with "include RAM".
I really wish there was a GUI option for encrypting the VM/LXC disk; Virtualbox can do this and you have to enter a password when starting/resuming the VM
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.