Virtual machine encryption

[gernazdasch]

Hello.

Is it possible to encrypt a certain virtual machines (not all) from Proxmox?

Of course i could use internal OS encryption per each VM, but i was wondering if i can do it from Proxmox itself.

One idea would be to encrypt /home/encrypted_vms and mount it every time you want to use the encrypted VMs. This can be achived using LUKS, Veracrypt and others (https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software)

How to do this and what other variants are available?

Thank you.

 

[Dunuin]

In case ZFS is used you could encrypt a dataset using ZFS native encryption and create another ZFS storage pointing to that dataset. Virtual disks stored om that storage will then inherit the encryption and will be encrypted too.

But not great if you are running a cluster as VMs encrypted this way won't be migratable.

Also consider full system encryption, so your logs, swap etc won't leak sensible data. Woudn't be that useful if you encrypt your VM, you then start it, it will store unlocked files in RAM and RAM will be swapped out to the unencrypted swap partition.

 

[gernazdasch]

I was thinking of making a volume in VeraCrypt containing the disk, then mount it everytime i boot up. I don't know if will encrypt ram and swap and i don't know how i might check it. I am also looking for a portable solution, ZFS is not. I also use a lot of LVM and LVM thin so it won't be a good solution for me.