6109R CT Disk Encryption

On Aventurin{e} 6109R it is possible to encrypt the virtual hard disk of Containers with a strong passphrase. In order to start the Container (or even to simply mount it's disk or file area) the master node needs to know the Encryption Passhphrase. This phrase is stored in /etc/vz/ploop/<CT-name>.ploopkey and this file is only readable by user 'root'.

During backups the Encryption Passhphrase is *NOT* backed up. So please make sure that you keep safe records of your Container Encryption Passphrases somewhere.

That way you can even store Container backups on remote storage that isn't entirely secure and can still have reasonable (but not perfect) expectation that the encrypted disk of containers is pretty difficult to access.

During container creation via the Aventurin{e} GUI you can enable Container Encryption and can set your strong passphrase:

Beyond this the GUI doesn't provide support for disabling Encryption of CT virtual disks or the ability to change the passphrase once it is set.

However: This can be done manually from the command line. For more information on how this is done please refer to the documentation.