Does Bacula support encryption by using the AES-chip which is integrated in LTO-7 Tapedrive? Or is there a plugin like "stenc" that could be integrated in Bacula?
Asked
Active
Viewed 495 times
2
-
I really don't want to advertise here, but we've used Bareos (a fork of bacula) with LTO encryption successfully. Everything is built into the bareos-sd and bareos-dir without the need for any scripting. – Andreas Rogge May 05 '19 at 21:23
1 Answers
2
I was able to get this to work with the use of a tape library, by modifying the autochanger script to set the encryption key after each tape had been loaded into the drive.
I did this by modifying /etc/bacula/scripts/mtx-changer and changing the load condition to enable encryption before returning:
load)
...
stenc -f $device -e on -a 1 -k /path/to/my.key
exit $rtn
;;
I am not sure exactly how you could do it if you don't have a tape library, as the drive can only have an encryption key set when there is a tape loaded. Possibly you would have to manually run stenc after inserting each tape.
Malvineous
- 1,095
- 11
- 28