Snapshot / backup encryption

F

frame1538

New Member
Jul 5, 2022
2
0
1
The documentation talks about enabling encrypted snapshots when using Proxmox Backup Server, but doesn't mention enabling encryption for backup up elsewhere (for example, to a SMB server). Is there any way to enable encryption on all snapshots?

I'm hoping to use the web interface to set up automated daily snapshots and encrypt them locally before sending them off site for archival. Unfortunately I don't see any straightforward way to do this.
 
That won't work out of the box. Also keep in mind that encrypted snapshots in case of PBS doesn't mean "snapshot snapshots" but "backup snapshots". PBS or Vzdump can't backup any ZFS or LVM snapshots. PBS just calls a single backup a "backup snapshot". See the "terminology" section of the PBS documentation:

Backup Snapshot​

The triplet <type>/<ID>/<time> is called a backup snapshot. It uniquely identifies a specific backup within a datastore.

Backup Snapshot Examples
vm/104/2019-10-09T08:01:06Z
host/elsa/2019-11-08T09:48:14Z

As you can see, the time format is RFC3339 with Coordinated Universal Time (UTC, identified by the trailing Z).
Click to expand...


In case you really want to send encrypted snapshots you could encrypt your local ZFS pool and then use "zfs send | ssh" together with "zfs receive" to replicate your encrypted pool with all its snapshots to a remote/offsite ZFS pool.

If you don't need snapshots and backups would be fine too, you could write your own hook-script. It could automatically encrypt your local backup files, upload them somewhere and delete the local files after each backup task has finished.

Or you just get a offsite PBS server. Got the benefit of real backups but way faster than Vzdump and might even consume less space than using snapshots.
If your guests aren't changig that much, storing 100 backups of the same VM won't consume much more space than a single backup, because of deduplication. I personally don't use ZFS snapshots anymore and switched from Vzdump+ZFS Snapshots to just PBS. Saved me alot of space.
 
Last edited:
Thanks for the tip about ZFS -- I'll definitely look into that. I'm comfortable writing my own script to handle scraping local backups, I was just hoping to avoid reinventing the wheel. And yes, I'm definitely focused on backups.

The end game I'm hoping for is a way to set up automatic, recurring, encrypted backups to an offsite location through the web interface.
 
frame1538 said:
The end game I'm hoping for is a way to set up automatic, recurring, encrypted backups to an offsite location through the web interface.
Click to expand...
You really should have a look at PBS as it will do all that. You of cause need a remote server then and not just a network share or cloud storage.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom