Hi, I’m running a ubuntu based backup server. And was wondering if there’s a simple way to encrypt my drives in case they get swiped or something by a break in. But also in a way that the computer can be restarted and decrypt the drive without me needing to stick a key in everytime. Any ideas? It seems basic but I’m not an expert on all these newfangled encryption terminology, so would like something idiot proof (by idiot proof, not idiot enough to lose/forget the decryption key)
Do encrypted backups with Borgbackup or similar. That means the server never sees the plaintext or the decryption keys. The encryption happens on the client. Since it’s public-key encryption (separate keys for encryption and decryption), the client doesn’t need the decryption key either, except when restoring. So your backup can be automated without secret keys.
Only useful if the backup machine isn’t also used as a hot spare.