Adding Encryption To A Remote After The Fact
-
Did a little digging and I don't think I've seen anything about this on the forum before so wanted to post.
Does anyone know how Xen Orchestra behaves if you add an encryption key to a remote after said remote has already been used for unencrypted backups?
I'm planning to start encrypting everything I upload in the near future, if it's as simple as adding a key that's great, but I am guessing it's better to create a new remote (and new bucket) and then just restart all the backups with the new remote?
Or should I re-create the backup jobs entirely?
-
Question for @florent
-
@planedrop you can't change the remote encryption if the remote is not empty
in the future we intend to be able to use rolling encryption ( that is encrypting the new block/file with the new key ) to permit an easier upgrade and key rotation
-
@florent OK gotcha, I figured this was the case.
So best option would be to create a new backup job, encrypt that to a new remote, then go back and delete all the old stuff when ready?
