From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id BA62E6075C for ; Thu, 26 Nov 2020 10:44:09 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B1FBCD70D for ; Thu, 26 Nov 2020 10:44:09 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id E7A7AD703 for ; Thu, 26 Nov 2020 10:44:08 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id AB8C544055 for ; Thu, 26 Nov 2020 10:44:08 +0100 (CET) Date: Thu, 26 Nov 2020 10:44:02 +0100 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Proxmox VE development discussion References: <20201126082050.9442-1-f.ebner@proxmox.com> In-Reply-To: <20201126082050.9442-1-f.ebner@proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.15.0 (https://github.com/astroidmail/astroid) Message-Id: <1606383796.cc63kpp6bw.astroid@nora.none> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL 0.024 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com] Subject: [pve-devel] applied: [PATCH docs] pbs storage: consistently talk about the storage key X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Nov 2020 09:44:09 -0000 with followup in pve-manager for the same issue: diff --git a/www/manager6/storage/PBSEdit.js b/www/manager6/storage/PBSEdit= .js index 81edb2a0..e7585de0 100644 --- a/www/manager6/storage/PBSEdit.js +++ b/www/manager6/storage/PBSEdit.js @@ -40,7 +40,7 @@ Ext.define('PVE.Storage.PBSKeyShow', { }, { xtype: 'component', - html: gettext('Keep your master key safe, but easily ac= cessible for disaster recovery.') + html: gettext('Keep your encryption key safe, but easil= y accessible for disaster recovery.') + '
' + gettext('We recommend the following safe= -keeping strategy:'), }, { On November 26, 2020 9:20 am, Fabian Ebner wrote: > instead of master key. >=20 > Signed-off-by: Fabian Ebner > --- >=20 > Sorry, I missed this yesterday. >=20 > pve-storage-pbs.adoc | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) >=20 > diff --git a/pve-storage-pbs.adoc b/pve-storage-pbs.adoc > index a382082..c22f5b3 100644 > --- a/pve-storage-pbs.adoc > +++ b/pve-storage-pbs.adoc > @@ -101,19 +101,19 @@ a key on that system. If the system then becomes in= accessible for any reason > and needs to be restored, this will not be possible as the encryption ke= y will be > lost along with the broken system. > =20 > -It is recommended that you keep your keys safe, but easily accessible, i= n > +It is recommended that you keep your key safe, but easily accessible, in > order for quick disaster recovery. For this reason, the best place to st= ore it > is in your password manager, where it is immediately recoverable. As a b= ackup to > this, you should also save the key to a USB drive and store that in a se= cure > place. This way, it is detached from any system, but is still easy to re= cover > from, in case of emergency. Finally, in preparation for the worst case s= cenario, > -you should also consider keeping a paper copy of your master key locked = away in > -a safe place. The `paperkey` subcommand can be used to create a QR encod= ed > -version of your master key. The following command sends the output of th= e > -`paperkey` command to a text file, for easy printing. > +you should also consider keeping a paper copy of your key locked away in= a safe > +place. The `paperkey` subcommand can be used to create a QR encoded vers= ion of > +your key. The following command sends the output of the `paperkey` comma= nd to > +a text file, for easy printing. > =20 > ---- > -# proxmox-backup-client key paperkey --output-format text > qrkey.txt > +# proxmox-backup-client key paperkey /etc/pve/priv/storage/.= enc --output-format text > qrkey.txt > ---- > =20 > Because the encryption is managed on the client side, you can use the sa= me > --=20 > 2.20.1 >=20 >=20 >=20 > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel >=20 >=20 >=20 =