Feature request: provide multiple backup encryption keys to be able to restore old encrypted VM/CT backups

[codingspiderfox]

Consider the following situation:

I had an old lab setup with 3 PVE 7.0 Nodes.
All of them were using a single PBS 2.0 Backup Server
Each of the 3 Nodes had it's own Backup Encryption Key

Then I tore apart the 3 Nodes but kept the Backups on the PBS for later use.
Now I got myself a new, single, more powerful server.
I want to restore the backed up VMs/CTs from the PBS to that new server.
As all of the VMs/CTs that were backed up from different nodes are encrypted with different encryption keys, I need to change the encryption key in the PVE UI of the new PVE server everytime I want to restore a backup from the PBS

I would like to have added:
* a new colum "Key Fingerprint" to the following URL https://<PVE_NODE_IP>:8006/#v1:0:=storage%2F<PVE_NODE_NAME>%2F<PBS_NODE_NAME>:4:=jsconsole:=contentBackup:::4:=consolejs:2

* option to add multiple encryption keys to the PVE node for restoring backups from different other nodes at the same - without the node's own encryption key being overwritten. Of course these restore-keys should not be used for new backups created by the PVE node while it's holding multiple keys for restoring

 

[fabian]

as a workaround, you could simply add one storage per key (and note that hovering over the 'Encrypted' column in the storage content view will give you the fingerprint, so you don't need to attempt an action to find out which storage to use as source )

 

[codingspiderfox]

Yes, as a workaround this worked so far.
But it would be way quicker if I could just all the old keys as a readonly keys.

Otherwise I also see a risk of forgetting to change the key back to the server's original own encryption key.

What also would be a nice feature in a clustered Proxmox environment is sharing keys across the cluster node. I think it would be a nice option to have a matrix with checkboxes that controls which Proxmox node can read which encryption key of another node

 

[fabian]

yeah, having some read-only / archived list of keys just for restoring old backups might make sense. having a per-node setting in storage.cfg isn't something we'd like to do - storage.cfg is cluster-wide, if you really want that, it's probably best to setup a storage per node restricted to that node (you can lift the restriction temporarily so that other nodes can restore using the key).

 

[codingspiderfox]

OK

 

[Jarvar]

I'm having issue here as well. Are we not able to use multiple encryption keys per Proxmox server?
I have two sites each with their own Proxmox Server and Proxmox PBS. Since they're different offices I uses a different encryption key per site.
Each Proxmox PBS is synced to an offsite Server. Now when I try to restore offsite to test the images I have put both keys .enc inside the /etc/pve/priv/storage folder of the PVE where the images will be restored to.
I keep getting an error saying the keys don't match.
Any clarification would be helpful. Either I'm doing something incorrect or this is not possible.
Thank you.

 

[fabian]

you can simply define multiple storages on the PVE side (one for each key). it might be prudent to also split them up on the PBS side though, since with different encryption keys no duplication is possible anyway. you can either have different datastores (logically separate and separate chunk store) or different namespaces within a datastore (only logically separate but sharing a chunk store).