From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 0EAD31FF13A for ; Wed, 01 Apr 2026 09:55:59 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id AC6A4110E5; Wed, 1 Apr 2026 09:56:18 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup 08/20] api: config: allow encryption key manipulation for sync job Date: Wed, 1 Apr 2026 09:55:09 +0200 Message-ID: <20260401075521.176354-9-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260401075521.176354-1-c.ebner@proxmox.com> References: <20260401075521.176354-1-c.ebner@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1775030088620 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.063 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: HQEQCKPNRL5WQJLLZMFJ7MIHKF67J5H5 X-Message-ID-Hash: HQEQCKPNRL5WQJLLZMFJ7MIHKF67J5H5 X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Since the SyncJobConfig got extended to include an optional encryption key, set the default to none. Extend the api config update handler to also set or delete the encryption key based on the provided parameters. They encryption key will be used to encrypt unencrypted backup snapshots (push) or decrypt snapshots with matching key fingerprint (pull) during the sync. Signed-off-by: Christian Ebner --- src/api2/config/sync.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/api2/config/sync.rs b/src/api2/config/sync.rs index dff447cb6..e69b0a1ae 100644 --- a/src/api2/config/sync.rs +++ b/src/api2/config/sync.rs @@ -345,6 +345,8 @@ pub enum DeletableProperty { UnmountOnDone, /// Delete the sync_direction property, SyncDirection, + /// Delete the encryption_key property, + EncryptionKey, } #[api( @@ -471,6 +473,9 @@ pub fn update_sync_job( DeletableProperty::SyncDirection => { data.sync_direction = None; } + DeletableProperty::EncryptionKey => { + data.encryption_key = None; + } } } } @@ -530,6 +535,10 @@ pub fn update_sync_job( data.sync_direction = Some(sync_direction); } + if let Some(encryption_key) = update.encryption_key { + data.encryption_key = Some(encryption_key); + } + if update.limit.rate_in.is_some() { data.limit.rate_in = update.limit.rate_in; } @@ -705,6 +714,7 @@ acl:1:/remote/remote1/remotestore1:write@pbs:RemoteSyncOperator run_on_mount: None, unmount_on_done: None, sync_direction: None, // use default + encryption_key: None, }; // should work without ACLs -- 2.47.3