Question How to follow advice "enable backup encryption on the cloud storage side"?

[watou]

That's why any user should read up on the documentation of the cloud storage provider

Perhaps you're misunderstanding me? I cannot see inside the Plesk source code for the settings/params it uses to talk to the external services, so no amount of reading up on the cloud storage provider's documentation is going to answer those questions. And when you share information here in the forum as you did above that is not in the documentation, you learned it from some source that is not readily accessible to new users, hence my request that such information is added to the documentation where we expect to find it. I really do think I'm being clear here, so please forgive me if I refrain from rephrasing my point one more time? All the best!

 

[Kaspar]

[...] I cannot see inside the Plesk source code for the settings/params it uses to talk to the external services, so no amount of reading up on the cloud storage provider's documentation is going to answer those questions.

This would be based on the (false) assumption that during a backup Plesk manages the cloud storage security settings/parameters (ie. whether or not backups are stored privately or publicly and/or are encrypted at rest). Which isn't the case. Plesk only uploads (transports) the backups the cloud storage provider. Any security settings/parameters are managed with the cloud storage provider. Plesk has no influence on these settings (which would a security risk in itself).

And when you share information here in the forum as you did above that is not in the documentation, you learned it from some source that is not readily accessible to new users, hence my request that such information is added to the documentation where we expect to find it. [..]

That's false as well. I actually found the information in the DigitaloOcean Spaces documentation. Which is publicly available to anyone.

 

[watou]

Thank you for confirming that you've completely misunderstood all that I've said, and that I am not in fact losing my mind. All the best!

 

[hello_world.c]

Reviving this old thread since I am looking for the same thing. S3 storage offers this:

Using server-side encryption with customer-provided keys (SSE-C) - Amazon Simple Storage Service

To use your own custom keys to encrypt the objects that you store on Amazon S3, use server-side encryption with customer-provided encryption keys (SSE-C).

docs.aws.amazon.com

But it requires the S3 client (like Plesk backup) to maintain the encryption key and use it for any access. Is this implemented and if not, any ETA?

 

[Sebahat.hadzhi]

Currently, there are no plans for implementing the encryption method in question on Plesk's side. There's an existing feature request and you may vote for it here. However, taking into account the popularity of the request thus far, I doubt that it will be considered soon. The backup software is not designed to directly interact with S3 for storing backups, but only for sending them to S3.

 

[hello_world.c]

Currently, there are no plans for implementing the encryption method in question on Plesk's side. There's an existing feature request and you may vote for it here. However, taking into account the popularity of the request thus far, I doubt that it will be considered soon. The backup software is not designed to directly interact with S3 for storing backups, but only for sending them to S3.

Thank you. That's disappointing because the work required on Plesk's side would be minimal, all the heavy lifting re. encryption/decryption would be done on the side of the S3 server. And the benefit would be great.