[PVE-User] How to secure the PBS Encryption Key
Tom Weber
pve at junkyard.4t2.com
Mon Nov 1 14:58:53 CET 2021
Hello,
in
https://forum.proxmox.com/threads/cant-set-an-symlink-in-etc-pve-for-zfs-encryption.96934/
fireon describes his problem securing the PBS encryption key.
I think his solution is only a workaround.
Suppose I encrypt local VM/Data storage on a node (without the / beeing
unencrypted for ease of booting/remote management), I end up with a PBS
Encryption Key lying around in clear that anyone who can get hands on the
machine can get.
Now all it needs is access to a remote PBS with the synced encrypted Backups
to get all the protected data that was in the VMs/CTs lying on encrypted
storage of the orignal node.
This is probably not a Problem of PVE or PBS on their own. But in
combination I think it's a weakness. "Stealing" hardware should not give you
such cleartext keys.
Any idea how to circumvent this? My first idea was the same direction as
fireon's by symlinking the key from some secure space - but this obviously
doesn't work.
Some way to manually unlock the key after booting the node or maybe an area
(folder) in /etc/pve/ that'd need unlocking for storing such information -
though that's probably quite some development effort?
Best,
Tom
More information about the pve-user
mailing list