this post was submitted on 13 Feb 2026
51 points (100.0% liked)

Selfhosted

59923 readers
507 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
51
Storing encryption keys for backup drives (lemmy.world)
submitted 4 months ago* (last edited 4 months ago) by janne_fran_innsbruck@lemmy.world to c/selfhosted@lemmy.world
15 comments fedilink hide all child comments
 

I'm planning to setup backup on my nas with the 3-2-1 backup rule.

For the backup disks I want full disk encryption, but I also want to be really sure that I don't lose the encryption keys if I lose my phone and computer where I have my password manager.

What is a good practice to store the encryption key(s)?

One thought I had was to have an unencrypted partition on the backup disks that stores an encrypted keepass database with the key.

Any tips or experiences are welcome.

PS. I want to avoid cloud-based options.

you are viewing a single comment's thread
view the rest of the comments
[–] linuxguy@lemmy.gregw.us 27 points 4 months ago (2 children)

If you're using LUKS don't forget you can dump/backup the header. It isn't the encryption key but is critical if you accidentally do a stupid. As to the keys themselves, how about convert them to qr codes, print them, and store them in a safe.

[–] irmadlad@lemmy.world 10 points 4 months ago

convert them to qr codes,

Never crossed my mind, but that's a good idea. Might have to implement that on my next rotation.

[–] nullroot@lemmy.world 1 points 4 months ago

This is smart.