From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id A76DC606D6 for ; Thu, 26 Nov 2020 09:21:26 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9E26BC96F for ; Thu, 26 Nov 2020 09:20:56 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 861C0C95D for ; Thu, 26 Nov 2020 09:20:55 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 52A54454F5 for ; Thu, 26 Nov 2020 09:20:55 +0100 (CET) From: Fabian Ebner To: pve-devel@lists.proxmox.com Date: Thu, 26 Nov 2020 09:20:50 +0100 Message-Id: <20201126082050.9442-1-f.ebner@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.009 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH docs] pbs storage: consistently talk about the storage key X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Nov 2020 08:21:26 -0000 instead of master key. Signed-off-by: Fabian Ebner --- Sorry, I missed this yesterday. pve-storage-pbs.adoc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pve-storage-pbs.adoc b/pve-storage-pbs.adoc index a382082..c22f5b3 100644 --- a/pve-storage-pbs.adoc +++ b/pve-storage-pbs.adoc @@ -101,19 +101,19 @@ a key on that system. If the system then becomes inaccessible for any reason and needs to be restored, this will not be possible as the encryption key will be lost along with the broken system. -It is recommended that you keep your keys safe, but easily accessible, in +It is recommended that you keep your key safe, but easily accessible, in order for quick disaster recovery. For this reason, the best place to store it is in your password manager, where it is immediately recoverable. As a backup to this, you should also save the key to a USB drive and store that in a secure place. This way, it is detached from any system, but is still easy to recover from, in case of emergency. Finally, in preparation for the worst case scenario, -you should also consider keeping a paper copy of your master key locked away in -a safe place. The `paperkey` subcommand can be used to create a QR encoded -version of your master key. The following command sends the output of the -`paperkey` command to a text file, for easy printing. +you should also consider keeping a paper copy of your key locked away in a safe +place. The `paperkey` subcommand can be used to create a QR encoded version of +your key. The following command sends the output of the `paperkey` command to +a text file, for easy printing. ---- -# proxmox-backup-client key paperkey --output-format text > qrkey.txt +# proxmox-backup-client key paperkey /etc/pve/priv/storage/.enc --output-format text > qrkey.txt ---- Because the encryption is managed on the client side, you can use the same -- 2.20.1