On 10/21/24 1:45 AM, Stefan G. Weichinger wrote: >
So that means for best protection I would need "storage daemon data volume encryption"? Or even better: enable both?I assume enabling both would add overhead in terms of CPU usage etc
Hello Stefan,Not sure I would call FD encryption plus SD encryption "better", only because you have the added task of managing the keys/certs on the client(s) in addition to the SD re-encrypting the already FD-encrypted data and you needing to make sure the encryption key files for each SD-encrypted cloud volume are safely maintained. :)
So, more CPU use on client(s). and on SD, and more admin work, but yes, data would be encrypted twice in such a setup.
Is there a working example somewhere? Just setting "Volume Encryption = yes" leads to issues labelling the volumes here, I assume that a keypair is needed somewhere. thanks
In addition to setting "Volume Encryption = yes" in each of your your SD's cloud devices, you also need the following in your SD's top-level configuration:
----8<---- EncryptionCommand = "/path/to/key-manager.py getkey" ----8<---- The actual path will depend on the Bacula community maintainer for your distro. :) Hope this helps, Bill -- Bill Arlofski w...@protonmail.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
