I would like to run Paperless in my homeserver. While this server is not running sensitive data, this would change once paperless gets to manage all my invoices, bank statements, health docs and so on. So while running my Proxmox VMs and LXCs unencrypted, in this case I’d like to encrypt paperless-ngx data so that if someone steals the machine, manual decryption would be necessary. Does anyone have an idea how to achieve that?

  • TheHolm
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 years ago

    Put docker to ZFS ( you should do it anyway regardless of encryption) and use ZFS native encryption. Benefits over other filesytems that you can load/unload decryption keys to sensitive data only when need to access it. And you can backup it in encrypted form, so you backup software will never see plain text. You can do similar stuff with VeraCrypt or other encrypted volumes and bind mount.