Hi, I obviously have not tried it, but if you compile a pre-release version of ZFS on Linux with the encryption support, then from the point of view of PVE it should be a regular ZFS pool with regular zvols and the encryption key will only be in the memory of your PVE server and the owner of the iscsi storage will not be able to decrypt the data.
slightly out of date example: https://blog.heckel.xyz/2017/01/08/zfs-encryption-openzfs-zfs-on-linux/ I think you'd start with compiling the 0.8.0 rc1: https://github.com/zfsonlinux/zfs/tree/zfs-0.8.0-rc1 Regards, Alex On Fri, Oct 5, 2018 at 7:55 AM Martin LEUSCH <[email protected]> wrote: > Hi, > > I have a Proxmox cluster and use LVM over iSCSI as storage. As I didn't > own the iSCSI server, I plane to encrypt some disk image to increase > confidentiality. > > Firstly, I didn't found a way to encrypt iSCSI target or LVM logical > volume and use them in Proxmox, is there a way to achieve that? What > about ZFS over iSCSI or other configuration? > > An other way is to encrypt data at the guest OS level by using LUKS for > data partition for example but my VMs need to start without any manual > action to keep high availability on my VMs. Are there any tools that can > help to keep LUKS keys in secure location? > > Any other suggestion to do encryption with Proxmox? > > Sincerely, > Martin > _______________________________________________ > pve-user mailing list > [email protected] > https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user > _______________________________________________ pve-user mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
