all lists on lists.proxmox.com
 help / color / mirror / Atom feed
* [pbs-devel] [PATCH docs] encryption: add best practice for storing master key
@ 2020-11-10 11:04 Dylan Whyte
  2020-11-10 11:57 ` [pbs-devel] applied: " Dietmar Maurer
  0 siblings, 1 reply; 2+ messages in thread
From: Dylan Whyte @ 2020-11-10 11:04 UTC (permalink / raw)
  To: pbs-devel

Further clarify that the paperkey should be a last resort
recovery option, after a password manager and usb drive.

Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
---
 docs/backup-client.rst | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/docs/backup-client.rst b/docs/backup-client.rst
index 1ef42898..125c1fbc 100644
--- a/docs/backup-client.rst
+++ b/docs/backup-client.rst
@@ -367,11 +367,16 @@ To set up a master key:
   and needs to be restored, this will not be possible as the encryption key will be
   lost along with the broken system.
 
-In preparation for the worst case scenario, you should consider keeping a paper
-copy of your master key locked away in a safe place. The ``paperkey`` subcommand
-can be used to create a QR encoded version of your master key. The following
-command sends the output of the ``paperkey`` command to a text file, for easy
-printing.
+It is recommended that you keep your master key safe, but easily accessible, in
+order for quick disaster recovery. For this reason, the best place to store it
+is in your password manager, where it is immediately recoverable. As a backup to
+this, you should also save the key to a USB drive and store that in a secure
+place. This way, it is detached from any system, but is still easy to recover
+from, in case of emergency. Finally, in preparation for the worst case scenario,
+you should also consider keeping a paper copy of your master key locked away in
+a safe place. The ``paperkey`` subcommand can be used to create a QR encoded
+version of your master key. The following command sends the output of the
+``paperkey`` command to a text file, for easy printing.
 
 .. code-block:: console
 
-- 
2.20.1





^ permalink raw reply	[flat|nested] 2+ messages in thread
* [pbs-devel] applied: [PATCH docs] encryption: add best practice for storing master key
  2020-11-10 11:04 [pbs-devel] [PATCH docs] encryption: add best practice for storing master key Dylan Whyte
@ 2020-11-10 11:57 ` Dietmar Maurer
  0 siblings, 0 replies; 2+ messages in thread
From: Dietmar Maurer @ 2020-11-10 11:57 UTC (permalink / raw)
  To: Proxmox Backup Server development discussion, Dylan Whyte

applied, thanks.

But I wonder if it would be better to create an extra subsection 
about "Storing Encryption Keys", because it basically applied to both

 - normal encryption keys
 - and the master key


> On 11/10/2020 12:04 PM Dylan Whyte <d.whyte@proxmox.com> wrote:
> 
>  
> Further clarify that the paperkey should be a last resort
> recovery option, after a password manager and usb drive.
> 
> Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
> ---
>  docs/backup-client.rst | 15 ++++++++++-----
>  1 file changed, 10 insertions(+), 5 deletions(-)
> 
> diff --git a/docs/backup-client.rst b/docs/backup-client.rst
> index 1ef42898..125c1fbc 100644
> --- a/docs/backup-client.rst
> +++ b/docs/backup-client.rst
> @@ -367,11 +367,16 @@ To set up a master key:
>    and needs to be restored, this will not be possible as the encryption key will be
>    lost along with the broken system.
>  
> -In preparation for the worst case scenario, you should consider keeping a paper
> -copy of your master key locked away in a safe place. The ``paperkey`` subcommand
> -can be used to create a QR encoded version of your master key. The following
> -command sends the output of the ``paperkey`` command to a text file, for easy
> -printing.
> +It is recommended that you keep your master key safe, but easily accessible, in
> +order for quick disaster recovery. For this reason, the best place to store it
> +is in your password manager, where it is immediately recoverable. As a backup to
> +this, you should also save the key to a USB drive and store that in a secure
> +place. This way, it is detached from any system, but is still easy to recover
> +from, in case of emergency. Finally, in preparation for the worst case scenario,
> +you should also consider keeping a paper copy of your master key locked away in
> +a safe place. The ``paperkey`` subcommand can be used to create a QR encoded
> +version of your master key. The following command sends the output of the
> +``paperkey`` command to a text file, for easy printing.
>  
>  .. code-block:: console
>  
> -- 
> 2.20.1
> 
> 
> 
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel




^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-10 11:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-10 11:04 [pbs-devel] [PATCH docs] encryption: add best practice for storing master key Dylan Whyte
2020-11-10 11:57 ` [pbs-devel] applied: " Dietmar Maurer

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal