How to Enable Encryption on Proxmox Backup Server?

Proxmox Backup Server offers two methods to enable encryption: through the Encryption checkbox or AES-256 client-side encryption in GCM mode. The former is a quick setup via the interface, while the latter offers more customization options.

download-icon
Free Download
for VM, OS, DB, File, NAS, etc.
dan-zeng

Updated by Dan Zeng on 2024/02/28

Table of contents
  • How does Proxmox encrypt backups?

  • How to encrypt Proxmox VM in Vinchin Backup & Recovery?

  • Proxmox Backup Encryption FAQs

  • Conclusion

Are you looking for a robust VM backup solution? Try Vinchin Backup & Recovery!↘ Download Free Trial

Proxmox Backup Server encrypts data in order to protect the privacy and security of backup data. This means that even if someone has unauthorized access to the backup files, they will not be able to read their contents. This security measure helps to ensure that sensitive information in the backup data is not disclosed, while also meeting the standards of data privacy and security. Whether there is a problem with the backup data transmission or storage process, your data is effectively protected.

How does Proxmox encrypt backups?

For Proxmox backup encryption, there are two ways to realize encryption protection of backup data. The Encryption checkbox provides a quick and easy way to implement Proxmox backup encryption, while AES-256 client-side encryption in GCM mode provides more flexibility and customization options. You can choose the encryption method that suits your needs and preferences.

Enable Encryption checkbox

Use Encryption checkbox for Proxmox Backup Server encryption is a fast and intuitive way for users who want to enable backup encryption quickly and do not need to perform complex configuration. You can enable this feature on the Proxmox Backup Server in a few simple steps.

Just click Datacenter > StorageProxmox backup > Encrytpion. In this way, all backups will be saved encrypted.

AES-256 Client-Side Encryption in GCM Mode

This approach involves configuring client-side encryption using AES-256 in GCM mode. This encryption method is more flexible and allows users to customize encryption settings and key management. Users can configure client-side encryption through the web interface or CLI, customizing it to their needs and preferences. This type of encryption is authenticated, and it not only provides high-performance data transfer, but also completes the encryption process before the data reaches the server.

To utilize Proxmox encrypted backup, following these steps:

Step 1: Create encryption key

Generate an encryption key using the command:

proxmox-backup-client key create my-backup.key

Follow the prompts to set an encryption key password, ensuring security.

Encryption Key Password: **************

You need to manually enter the password in the command line interface and press the Enter. The password will not be displayed on the screen for security purposes. After entering the password, the system will generate an encryption key file "my-backup.key" which will be used for subsequent encryption and decryption operations.

Step 2: Create encrypted backups

With the encryption key created, you can now generate an encrypted backup using the following command:

proxmox-backup-client backup etc.pxar:/etc --keyfile /path/to/my-backup.key
Password: *********
Encryption Key Password: **************

Replace "etc.pxar:/etc" with the actual file or directory path for backup. Specify the path to the previously created key file using the --keyfile parameter. With the --keyfile parameter, you need to specify the path /path/to/my-backup.key of the previously created key file.

Note:

Password: You need to enter the password that will be used to protect the generated backup file. Note that this password is different from the password for the encryption key.

Encryption Key Password: Provide the password for the encryption key created earlier.

How to encrypt Proxmox VM in Vinchin Backup & Recovery?

Although Proxmox Backup Server provides backup encryption options, Vinchin Backup & Recovery goes a step further in data security. Vinchin provides an additional layer of protection for backup data by encrypting the virtual machine backup data and the transmission process, ensuring data privacy and integrity.

Vinchin utilizes the SSL protocol to secure backup data during transmission over the Internet, preventing unauthorized access and eavesdropping. In addition, Vinchin backup software has built-in specialized ransomware protection technology to safeguard the integrity of backup data from corruption or encryption in the event of a cyber-attack, such as a ransomware attack. Meanwhile, Vinchin's disaster recovery settings help users quickly restore backup data in the event of a catastrophic event, minimizing business interruption time.

To encrypt Proxmox VM in Vinchin Backup & Recovery is very simple, just a few simple steps. 

1. Just select VMs on the host 

2. Then select backup destination 

3. Select strategies, turn on Data Encryption here

4. Finally submit the job

Vinchin provides backup support for various virtualization platforms, enabling businesses to customize their backup solutions according to their requirements. Compatible platforms include Proxmox, Xenserver, VMware, Hyper-V, XCP-ng, and more. Additionally, Vinchin offers a free 60-day trial for users to test our functionality in real-life scenarios. Users can contact Vinchin directly or get in touch with our local partner for more details and assistance.

Proxmox Backup Encryption FAQs

Q: What happens if I lose the encryption key or password?

A: Losing the encryption key or password may result in data loss, as encrypted backup files cannot be accessed without them. It is crucial to store encryption keys or passwords securely and implement proper key management practices to prevent data loss.

Q: Can I encrypt backups stored in remote locations or cloud storage?

A: Yes, Proxmox backup encryption can be applied to backups stored in remote locations or cloud storage, ensuring data security regardless of the storage location.

Q: Does AES 256 encryption works on SQL Server backup?

A: SQL Server can be installed on Proxmox VM and you can choose to backup the VM or only the database. SQL server backup encryption is a feature that allows users to encrypt their database backups, enhancing security and protecting sensitive data. You can enable SQL Server Backup Encryption through various methods, such as T-SQL commands, SQL Server Management Studio (SSMS), or using backup software solutions that support encryption.

Conclusion

In summary, Proxmox Backup Server prioritizes data security with encryption measures, while Vinchin Backup & Recovery offers a comprehensive suite of enhanced security features, including encryption, SSL transmission, ransomware protection, and disaster recovery settings. Vinchin's user-friendly interface makes it easy to encrypt VMs, and users can explore its functionality risk-free through a free trial period.

Share on:

Categories: VM Backup