Project

General

Profile

Feature #26924

Add file-level encryption to Cloud Sync

Added by Steve Wong 12 months ago. Updated 5 months ago.

Status:
Done
Priority:
Important
Assignee:
Vladimir Vinogradenko
Category:
GUI (new)
Target version:
Estimated time:
Sprint:
Severity:
New
Backlog Priority:
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

A customer wants the ability to have files automatically encrypted using a common key before they are pushed up to a public cloud like Amazon or Backblaze. That way when the files arrive at the cloud provider, they will be encrypted and remain that way. Conversely, when files are pulled back down to the TrueNAS, the files are automatically unencrypted using the same common key.

The reasoning for this RFE is that the customer has have sensitive student files that they want to push to the cloud for DR purposes but they do not want those files to be unencrypted. I suspect this will be a feature most customers would want.

There also needs to be some way to back up the common keys and to share them with other TrueNAS systems.


Related issues

Related to FreeNAS - Umbrella #28496: Add Cloud Sync encryption supportDone
Related to FreeNAS - Bug #34954: Make encryption_salt non-required field for Cloud Sync TaskDone
Copied to FreeNAS - Feature #33261: Add file-level encryption to Cloud Sync Done

Associated revisions

Revision 1862fbbb (diff)
Added by Vladimir Vinogradenko 12 months ago

feat(backup): Add file level encryption to the cloud sync feature

Ticket: #26924

Revision 44ff1b71 (diff)
Added by Vladimir Vinogradenko 12 months ago

fix(backup): Encrypt passwords in database

Ticket: #26924

Revision 0e3f813b (diff)
Added by Dru Lavigne 6 months ago

Mention new Cloud Sync fields in intro.
Ticket: #26924

Revision 575a875f (diff)
Added by Dru Lavigne 5 months ago

Define new cloud sync fields and tighten up intro to this section.
Ticket: #26924

Revision df88c147 (diff)
Added by Dru Lavigne 5 months ago

Update legacy UI for new cloud sync fields.
Ticket: #26924

Revision 6ad10cbb (diff)
Added by Dru Lavigne 5 months ago

Add updated screenshot for cloud sync.
Ticket: #26924

History

#1 Avatar?id=14398&size=24x24 Updated by Kris Moore 12 months ago

  • Status changed from Untriaged to Unscreened
  • Assignee changed from Kris Moore to Vladimir Vinogradenko

This sounds doable. Vladimir, can you add this to the middleware for cloud-sync? Once thats done we can do it in new UI next. I'm thinking we can use the crypt function of rclone here pretty easily.

https://rclone.org/crypt/

#2 Updated by Dru Lavigne 12 months ago

  • Private changed from No to Yes

#3 Updated by Vladimir Vinogradenko 12 months ago

  • Status changed from Unscreened to Needs Developer Review
  • Assignee changed from Vladimir Vinogradenko to William Grzybowski

#4 Updated by Vladimir Vinogradenko 12 months ago

  • Status changed from Needs Developer Review to Reviewed by Developer
  • Assignee changed from William Grzybowski to Vladimir Vinogradenko

#5 Updated by Vladimir Vinogradenko 11 months ago

  • Status changed from Reviewed by Developer to Ready For Release

#6 Updated by Dru Lavigne 11 months ago

  • Description updated (diff)
  • Private changed from Yes to No

#7 Avatar?id=13649&size=24x24 Updated by Ben Gadd 10 months ago

  • Status changed from Ready For Release to Done

#8 Updated by Dru Lavigne 10 months ago

  • Subject changed from Add file level encryption to the cloud sync feature to Add file-level encryption to Cloud Sync
  • Needs Merging changed from Yes to No

#9 Updated by Dru Lavigne 7 months ago

  • Status changed from Done to Ready for Testing

#10 Updated by Dru Lavigne 6 months ago

  • Copied to Feature #33261: Add file-level encryption to Cloud Sync added

#11 Updated by Dru Lavigne 6 months ago

  • Status changed from Ready for Testing to Blocked
  • Severity set to New
  • Reason for Blocked set to Dependent on a related task to be completed

This needs to make it into the new UI (copied ticket) for doc/QA purposes.

#12 Updated by Dru Lavigne 6 months ago

Initial doc commit: https://github.com/freenas/freenas-docs/commit/0e3f813b9277497e67ad9efb67bab2fbb76a7e88. More to come once fields are added to new UI.

#13 Updated by William Grzybowski 6 months ago

Should this one be marked as Done then? Since we have a new one for UI.

#14 Updated by Dru Lavigne 6 months ago

  • Status changed from Blocked to Ready for Testing

#15 Updated by Dru Lavigne 6 months ago

  • Reason for Blocked deleted (Dependent on a related task to be completed)

#16 Updated by Dru Lavigne 6 months ago

#17 Updated by Dru Lavigne 5 months ago

New UI doc commit: https://github.com/freenas/freenas-docs/commit/575a875fef05fe505cd217f433642aedecd2878e
Warren will create PRs to improve the existing tooltips and add the missing ones.

#18 Updated by Warren Block 5 months ago

#19 Updated by Dru Lavigne 5 months ago

  • Related to Bug #34954: Make encryption_salt non-required field for Cloud Sync Task added

#20 Avatar?id=17238&size=24x24 Updated by Zackary Welch 5 months ago

  • Needs QA changed from Yes to No

Tested push/pull with remote encryption to Google Cloud and it appears encrypted in the Cloud and de-encrypted when pulled. The feature is documented and functional.

#21 Updated by Dru Lavigne 5 months ago

  • Status changed from Ready for Testing to Passed Testing

#22 Updated by Dru Lavigne 5 months ago

Still need to port doc changes to master before this can be considered done.

#23 Updated by Dru Lavigne 5 months ago

  • Related to Bug #34951: Separate S.M.A.R.T. email addresses with spaces added

#24 Updated by Dru Lavigne 5 months ago

  • Related to deleted (Bug #34951: Separate S.M.A.R.T. email addresses with spaces)

#25 Updated by Dru Lavigne 5 months ago

  • Status changed from Passed Testing to Done
  • Needs Doc changed from Yes to No

Also available in: Atom PDF