Is there a native Proxmox way to do this? If the answer is "no", should I use Veracrypt or some ZFS features in order to do it?
Encrypt Virtual Machine disk
- Thread starter kamzata
- Start date
Well, I'd argue that using ZFS features it the "native Proxmox way" 
But either way ...
There are a couple options:
I hope these couple of pointers help!
But either way ...There are a couple options:
- Full disk encryption using LUKS. There are ways to do it, but that's probably a little overkill for regular use cases.
- Guest-side encryption - for example, setting up LUKS inside your virtual host directly. This means you must ensure that secrets are never leaked in any way.
- Secrets (like passphrases and keys) are stored in RAM once they have been used, which means you should never do or allow anything that could write the VM's RAM to disk. (E.g. suspend to disk ("hibernate"), turning on swap!). This would make it theoretically possible to read your passphrase or key from a swapfile or similar. Also, no snapshots with "include RAM".
- Using ZFS and making an encrypted dataset. There's even a decent post about it, which should still be relevant today. We also have a little bit of documentation regarding this.
I hope these couple of pointers help!
I really wish there was a GUI option for encrypting the VM/LXC disk; Virtualbox can do this and you have to enter a password when starting/resuming the VM