Whilst I’m sure some people would prefer full disk encryption I’d like to be able to add encrypted folders so that i can then mirror the encrypted data off elsewhere without out having to worry about the nodes it’s getting mirrored to. (I.e the rockstor server would know the encryption key but the other server receiving a copy of the data wouldn’t)
Maybe http://ecryptfs.org/ might be useful, I could install it into rockstor but I’d imagine the gui/rockstor services interfere with the samba config needed to point the share at the encrypted mountpoint instead of the unlaying directory (where the encrypted data would get stored)
+1. I’m sure there are many who replicate data elsewhere and could use encryption-at-rest. Ideally would allow the receiving node only to be encrypted.
+1
In my opinion encryption is one of the most important features for a NAS system. I would tear apart my NAS4free zfs system in an instant if Rockstor offered that already.
However, since I’m willing to try some console configuration in Linux (and not in BSD, which I’m not so familiar with), how much of a hassle could it be to install a ROckstor NAS box based on a few LUKS encrypted hard drives?
More importantly, is it worth it to take on this project now, or should I wait until you have added encryption into the standard installation/configuration process of Rockstor? What might be a realistic waiting time until that arrives?
@tux1337 (not sure which feature you are referencing here as @Dragon2611’s original post, which started this thread, mentions sub-volume level of encryption. This is not something that is currently supported by btrfs, although I believe it’s planned. But as @Dragon2611 states:
which was a sentiment shared by the Rockstor development team and is now something that is supported by Rockstor, both in the stable and release channel updates, as of version:
and the relevant docs mentioned in that release announcement are available in the official docs at: LUKS Full Disk Encryption
Hope that helps by way of an update and apologies to @Anders for not updating this thread in a more timely manner.
@phillxnet
I mean the ability to have encrypted shares. Not on an level like LUKS implement it. I mean encryption on a filesystem level like ecryptfs to have the ability to copy the encrypted data out of rockstor (for example into the cloud) efficently.
ecryptfs and rsync does a good job for this use case.
I know that sub-volume level of encryption is “planned” by btrfs, hopefully it will be implemented in the future after google is interested in this feature.
But for my use case this would not help. So +1 for ecryptfs support.
I use rclone to copy data to external services (clouds, harddrives,…) and it encrypts on-the-fly. If I remember correctly I created a topic about this.
There is no GUI but it’s easy to use via CLI.
Since Google is evaluating btrfs for android at the moment there are people working on the built-in encryption of the file system again.