Encrypting Proxmox OS disk - Encrypting data at rest

Aug 1, 2017
11
1
6
44
Hi! Congratulations on the release VE 6.2!


How can I install this with encryption for data at rest for the OS disk?
This is important because my private cloud is not as securely physically stored as it should be.
Any better and more secure solutions is outside of my budget, such as a dedicated hosting location with physical security guards.
Therefore I seek to encrypt data at rest for all data storage containers, including the OS disk.
 
Thank you for your reply and advice. My question was not regarding the data layer / storage for virtual machines or containers.

I explicitly need to know how to encrypt the Proxmox OS disk.

I don't need to know how to encrypt the data storage for VM's and containers.

For the record, I am already encrypting the VMS and containers using LUKS with ZFS beneath it, and it works perfectly. Everything including sub volumes for containers and VMs and so on.
 
Last edited:
There is a lot of hackery involved if you need to unlock your OS disk via SSH, otherwise you always have to type in the encryption key at boot via the local or remote console. There was a howto a few years ago there in/on the forums.
 
Yeah. I think I will stay clear of Dropbear SSH hacking. I have physical access to the infra, it is my physical private cloud after all. So I don't mind entering the passphrase.

But this is very important! I hope the option of encrypting the root partition will see its way to the standard functionality of Proxmox.
 
Encrypting a partition is still possible with LUKS (see aarons comment above), but I think you mean the root dataset with PVE.

Yes in ZFS lingo I do. However I would be happy with EXT4 and LUKS just to get the job done.

I will go the hacky road as others have mentioned and linked to. It's not that bad of a procedure.
 
just bumping this up to see if there are any updates on this? also any progress on vTPM?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!