Can someone point me to some overview or link explaining the options for encryptions and any pitfalls
I should be aware of?
I tried to read up some of the info with respect to AWS server side encryption and wonder if this is good enough? If I enable encryption via cloudberry obviously I need to make sure that I keep the password safe. However what happens if my pc with cloudberry is not available? Can I install a new version on a different pc and then knowing the password get to my files or is something stored on my old pc and required for any decryption?
Any additional and perhaps generic guidance is highly appreciated.
AWS (as well as other cloud providers) server-side encryption, sometimes called encryption in place, is not a substitute for client-side encryption. You should use both. You just need to remember your passcode to decrypt the data on restore. Nothing is stored on you PC that’s needed for a restore to take place. If you lose your passcode, the data cannot be restored, so store it safely in a password safe or similar.
David, just a follow up. I did a test with "double" encryption and while I could see the file in my AWS bucket and download it manually directly from AWS, I was not able to open/decrypt it without cloudberry.
Using the restore function within cloudberry of course worked fine.
So if my house burns down and my pc is toast, I will need to be able to access the password and reinstall MSP on a different pc to access anything stored that way. I guess in such a case I could not "release" my license but that would be the least of my problems in that situation. However, if you reinstall MSP on a new computer and try to access your AWS buckets, will there be any problem accessing the data if the backup plans are not on your new pc?
Restoring is easy. All you'd need to do is use the same computer prefix and synchronize the data and it will recreate the local DB from the data in the cloud. But you'll need you encryption key to restore.
Thank you - can you please clarify what you mean by computer prefix? If the computer does not exist anymore, that means that is some information I need to store in addition to the key, right? Where do I find that information?
Sorry, David, another followup - I managed to access the previous backups done via my old computer, so can now see under Backup Storage a number of different folders. I wan to clean this up as some of these folders are either emply, either because I created a folder and have not done any backup or made some mistake during set up. I don't see any feature to delete these? .
Also, looking at the Storage Accounts Window under Welcome, some Storage Accounts show used space 0 bytes. I might have set up these folders directly in AWS - can I delete them from Cloudberry somehow or only from S3?
I think in between the computer names, the bucket names and the backup plan names I am making my life more difficult than necessary, especially as some folders will show up in Backup Storage under different storage accounts.