I would like to run Paperless in my homeserver. While this server is not running sensitive data, this would change once paperless gets to manage all my invoices, bank statements, health docs and so on. So while running my Proxmox VMs and LXCs unencrypted, in this case I’d like to encrypt paperless-ngx data so that if someone steals the machine, manual decryption would be necessary. Does anyone have an idea how to achieve that?

  • @vegetaaaaaaa
    link
    English
    101 year ago

    Full disk encryption of the underlying disk (cryptsetup/LUKS)

  • TheHolm
    link
    fedilink
    English
    51 year ago

    Put docker to ZFS ( you should do it anyway regardless of encryption) and use ZFS native encryption. Benefits over other filesytems that you can load/unload decryption keys to sensitive data only when need to access it. And you can backup it in encrypted form, so you backup software will never see plain text. You can do similar stuff with VeraCrypt or other encrypted volumes and bind mount.

    • MorganCS (she / her)
      link
      English
      11 year ago

      Did they ever resolve the massive slowdown issues when using docker volumes on zfs?