I can’t find a resource regarding encryption on exfil for TrueCloud Backup tasks: are my snapshots leaving the servers encrypted or not?
On standard cloud syncs to Backblaze I’m use to set passwords and salts for encryption, but there’s no such option of TrueCloud. Both this post and the guide confirm that the password field has nothing to do with data encryption per se.
I understand storeJ is about distributed encrypted storage, but does that mean that everything is tied to the encryption password we set in StoreJ?
Sorry for the noobism, but I have to sync about 2 TB of data out and I’d like to understand more!
thank you for answering. Yes, I’m running Scale latest 24.10.1.
In the meantime I tested a couple of buckets and the files in the bucket browser on storej look encrypted (don’t I feel dumb now…), organised in a bespoke folder structure with a config file attached.
I was not aware the password was required now: I didn’t try to set a task up without one, so I didn’t get the error.
I was caught out by the absence of a Seed and explicit remote encryption options as on Core, I guess.
The Guide states this on the password field:
Enter a password for the backup repository. Record this password in a secure location. Required to recreate the task using the same bucket/folder, such as in a new TrueNAS install or system, or to restore data from the existing snapshots in another TrueNAS system.
It does say that it is needed to restore data to another TrueNAS, but it’s not clear if it’s to protect from starting any unauthorized restoring of potentially unecrypted data or to decrypt the data.
I think the docs could be made more explicit as to what arguments from the restic command this password is used for, or state that there is some level of local encryption going on before exfil. There is no mention of it in the doc page for Electric Eel.
