How to Encrypt Backup Data - Complete Guide
Question: How do I secure sensitive backup data?
Answer: Use encryption options available
Why Encrypt Backups
Benefits
- Protects from physical theft
- Secures data in transit
- Meets compliance requirements
Option 1: PBS Encryption (Recommended)
Step 1: Create Encryption Key
# Store securely - never share!
echo "your-secure-password" > /root/backup.key
chmod 600 /root/backup.keyStep 2: Configure Encrypted Backup
- Datacenter → Backup → Add
- Enable Encryption
- Enter password or select key file
Step 3: CLI
vzdump --mode suspend \
--vmid 100 \
--storage pbs01 \
--encryption-key-file /root/backup.keyOption 2: GPG Encryption
Step 1: Create Key
gpg --full-generate-key
# Select RSA 4096
# No expiration for backup keyStep 2: Encrypt Backup File
# After backup completes
gpg -e -r your-key-id /var/lib/vz/dump/vzdump-*.tar.gzOption 3: VeraCrypt Container
Step 1: Create Container
# Install veracrypt
apt install veracryptStep 2: Create Encrypted Volume
veracrypt -c backup.vc
# Follow promptsStep 3: Mount and Use
veracrypt backup.vc /mnt/encrypted
cp /var/lib/vz/dump/* /mnt/encrypted/
veracrypt -d backup.vcKeywords
encryption backup-security gpg how-to pbs