>>>>> On Sun, 11 Aug 2019 15:33:11 +0300, Lauri Kiiski said: > > I would like to encrypt all my data while in transit and at rest. Where > unencrypted file metadata is stored? Data Encryption documentation > (https://www.bacula.org/5.2.x-manuals/en/main/main/Data_Encryption.html) > explains the following. > > "The implementation does not encrypt file metadata such as file path names, > permissions, and ownership. Extended attributes are also currently not > encrypted. However, Mac OS X resource forks are encrypted.” > > Where is this file metadata stored and handled? Is this metadata the File > Attributes described at end of this page > https://www.bacula.org/5.2.x-manuals/en/main/main/What_is_Bacula.html ? Is > this file metadata then stored unencrypted at the following locations? > - Volumes > - Catalog > Is this unencrypted data then exposed to the following components? > - Storage Daemon > - Director > - File Daemon, quite naturally > > Also, this information needs to then travel the network connections in the > picture where it says File Attributes? I suppose I can then use Bacula TLS > (https://www.bacula.org/5.2.x-manuals/en/main/main/Bacula_TLS_Communications.html) > to protect all that unencyrpted data between the File Daemon, Storage Daemon > and Director. Securing Director - Catalog DBMS connection is then out of > scope of Bacula. Encrypting those will ensure my data is protected while in > transit? > > In order to encrypt all data in transit and at rest I need to > - Enable Data Encryption for the Volumes > - Configure Bacula TLS > - Encrypt database connectivity to Catalog DBMS or host it at Director > - Encrypt disks on the machines having these components: File Daemon, > Director, Catalog, Storage Daemon, Physical Media > > Did I got it right?
You might also consider possible leakage via the Director's message system (https://www.bacula.org/9.4.x-manuals/en/main/Messages_Resource.html). E.g. filenames might be written there in certain cases such as errors. __Martin _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
