From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 33CF71FF13A for ; Wed, 15 Apr 2026 17:20:07 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id CCFF318D5D; Wed, 15 Apr 2026 17:20:06 +0200 (CEST) Message-ID: Date: Wed, 15 Apr 2026 17:20:02 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH proxmox-backup v3 21/30] ui: expose assigning encryption key to sync jobs To: =?UTF-8?Q?Michael_K=C3=B6ppl?= , pbs-devel@lists.proxmox.com References: <20260414125923.892345-1-c.ebner@proxmox.com> <20260414125923.892345-22-c.ebner@proxmox.com> Content-Language: en-US, de-DE From: Christian Ebner In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1776266325278 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.069 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: RTU2CXJMCYA4S33RZNYF442PEWP3GWYQ X-Message-ID-Hash: RTU2CXJMCYA4S33RZNYF442PEWP3GWYQ X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 4/15/26 4:47 PM, Michael Köppl wrote: > On Tue Apr 14, 2026 at 2:59 PM CEST, Christian Ebner wrote: > > [snip] > >> + column2: [ >> + { >> + xtype: 'box', >> + style: { >> + 'inline-size': '325px', >> + 'overflow-wrap': 'break-word', >> + }, >> + padding: '5', >> + html: gettext( >> + 'Active encryption key is used to encrypt snapshots which are not encrypted on the source during sync. Already encrypted contents are unaffected, partially encrypted contents skipped if set.', > > @Daniel and I discussed this off-list during testing and both found it > a bit difficult to understand at first glance what this means. Perhaps > something like this could improve it, also using active voice: > > "When pushing, the system uses the active encryption key to encrypt > unencrypted sources snapshots. It leaves existing encrypted content > as-is, and skips partially encrypted content if the skip setting is > turned on." > >> + ), >> + cbind: { >> + hidden: '{!syncDirectionPush}', >> + }, >> + }, >> + { >> + xtype: 'box', >> + style: { >> + 'inline-size': '325px', >> + 'overflow-wrap': 'break-word', >> + }, >> + padding: '5', >> + html: gettext( >> + 'Associated keys store a reference to keys in order to protect them from removal without prior disassociation. On changing the active encryption key, the previous key is added to the associated keys in order to protect from accidental deletion in case it still is required to decrypt contents.', > > same as above, perhaps something like: > > "To prevent premature removal, associated keys hold a reference to a key > until you explicitly unlink it. When you change your active encryption > key, the system automatically associates the old key to protect it from > accidental deletion, ensuring you can still decrypt older contents." > >> + ), >> + cbind: { >> + hidden: '{!syncDirectionPush}', >> + }, >> + }, >> + ], >> + }, >> ], >> }, >> }); > Agreed, thanks for the suggestions: will incorporate these!