I would like to encrypt all my data while in transit and at rest. Where unencrypted file metadata is stored? Data Encryption documentation (https://www.bacula.org/5.2.x-manuals/en/main/main/Data_Encryption.html) explains the following.
"The implementation does not encrypt file metadata such as file path names, permissions, and ownership. Extended attributes are also currently not encrypted. However, Mac OS X resource forks are encrypted.” Where is this file metadata stored and handled? Is this metadata the File Attributes described at end of this page https://www.bacula.org/5.2.x-manuals/en/main/main/What_is_Bacula.html ? Is this file metadata then stored unencrypted at the following locations? - Volumes - Catalog Is this unencrypted data then exposed to the following components? - Storage Daemon - Director - File Daemon, quite naturally Also, this information needs to then travel the network connections in the picture where it says File Attributes? I suppose I can then use Bacula TLS (https://www.bacula.org/5.2.x-manuals/en/main/main/Bacula_TLS_Communications.html) to protect all that unencyrpted data between the File Daemon, Storage Daemon and Director. Securing Director - Catalog DBMS connection is then out of scope of Bacula. Encrypting those will ensure my data is protected while in transit? In order to encrypt all data in transit and at rest I need to - Enable Data Encryption for the Volumes - Configure Bacula TLS - Encrypt database connectivity to Catalog DBMS or host it at Director - Encrypt disks on the machines having these components: File Daemon, Director, Catalog, Storage Daemon, Physical Media Did I got it right? _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
