From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id A08511FF13A for ; Wed, 15 Apr 2026 16:49:49 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 7DA3218592; Wed, 15 Apr 2026 16:49:49 +0200 (CEST) Content-Type: text/plain; charset=UTF-8 Date: Wed, 15 Apr 2026 16:49:15 +0200 Message-Id: From: =?utf-8?q?Michael_K=C3=B6ppl?= To: "Christian Ebner" , Subject: Re: [PATCH proxmox-backup v3 21/30] ui: expose assigning encryption key to sync jobs Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Mailer: aerc 0.21.0 References: <20260414125923.892345-1-c.ebner@proxmox.com> <20260414125923.892345-22-c.ebner@proxmox.com> In-Reply-To: <20260414125923.892345-22-c.ebner@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1776264477784 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.103 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: OJAJHGIDLTJ5VAONUHAX2JMOGHGKSC3L X-Message-ID-Hash: OJAJHGIDLTJ5VAONUHAX2JMOGHGKSC3L X-MailFrom: m.koeppl@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Tue Apr 14, 2026 at 2:59 PM CEST, Christian Ebner wrote: [snip] > + column2: [ > + { > + xtype: 'box', > + style: { > + 'inline-size': '325px', > + 'overflow-wrap': 'break-word', > + }, > + padding: '5', > + html: gettext( > + 'Active encryption key is used to encrypt sn= apshots which are not encrypted on the source during sync. Already encrypte= d contents are unaffected, partially encrypted contents skipped if set.', @Daniel and I discussed this off-list during testing and both found it a bit difficult to understand at first glance what this means. Perhaps something like this could improve it, also using active voice: "When pushing, the system uses the active encryption key to encrypt unencrypted sources snapshots. It leaves existing encrypted content as-is, and skips partially encrypted content if the skip setting is turned on." > + ), > + cbind: { > + hidden: '{!syncDirectionPush}', > + }, > + }, > + { > + xtype: 'box', > + style: { > + 'inline-size': '325px', > + 'overflow-wrap': 'break-word', > + }, > + padding: '5', > + html: gettext( > + 'Associated keys store a reference to keys i= n order to protect them from removal without prior disassociation. On chang= ing the active encryption key, the previous key is added to the associated = keys in order to protect from accidental deletion in case it still is requi= red to decrypt contents.', same as above, perhaps something like: "To prevent premature removal, associated keys hold a reference to a key until you explicitly unlink it. When you change your active encryption key, the system automatically associates the old key to protect it from accidental deletion, ensuring you can still decrypt older contents." > + ), > + cbind: { > + hidden: '{!syncDirectionPush}', > + }, > + }, > + ], > + }, > ], > }, > });