Enabling Storage Encryption
As an administrator, you can encrypt managed disk storage for compliance and security reasons.
To enable storage encryption:
Before you can enable encryption, you must meet the following requirements:
Only required if the default path for openssl.cnf has been changed:
Set your custom path to the SSL configuration file by overriding the config value of SSL_CONF_FILE in cloudconfig.php.
In Windows, for example, if you have XAMPP installed in D:\xampp, then add the following line to cloudconfig.php.
By default, the encryption module is not enabled.
You can enable the encryption module in two ways:
- If FIPS mode is active:
To ensure that FIPS mode is on, enable the FIPS Admin Banner by opening the WEBROOT/config/localstorageconfig.php file and adding the following:
- If you don't use FIPS mode:
Edit the WEBROOT/config/localstorageconfig.php file.
Add the following line:
Additional Parameter To Enable Encryption
define("TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION", 1 );
1 - enable encryption for local managed storage
0 - disable encryption
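To confirm that a given localstorageconfig.php really has the flag active, the following added example (not FileCloud code) parses the file text and reports the effective setting. The function names, the sample file and the EXAMPLE_URL setting are constructed for illustration; only the value 1 is treated as enabled, as documented above.

```python
import re

FLAG = "TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION"  # constant name from the page

# Matches PHP string literals (kept) or comments (dropped), so that a "//"
# inside a quoted value is not mistaken for the start of a comment.
_TOKEN = re.compile(
    r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|/\*.*?\*/|//[^\n]*|#[^\n]*',
    re.S,
)
_DEFINE = re.compile(
    r'\bdefine\s*\(\s*(["\'])' + FLAG + r'\1\s*,\s*([^)]*?)\s*\)'
)


def strip_comments(php_source):
    """Remove //, # and /* */ comments while leaving string literals intact."""
    return _TOKEN.sub(
        lambda m: m.group(0) if m.group(0)[0] in "\"'" else " ", php_source
    )


def audit_encryption_flag(php_source):
    """Return (status, values): status is 'enabled', 'disabled' or 'missing'.

    PHP keeps the first define() of a constant and ignores later ones,
    so the first active definition decides the status.
    """
    values = [m.group(2) for m in _DEFINE.finditer(strip_comments(php_source))]
    if not values:
        return "missing", values
    return ("enabled" if values[0] == "1" else "disabled"), values


# Constructed sample, not a real FileCloud configuration file.
SAMPLE = '''<?php
// define("TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION", 1 );
define("EXAMPLE_URL", "https://example.invalid/a"); # hypothetical setting
define("TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION", 0 );
/* define("TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION", 1 ); */
define("TONIDO_LOCALSTORAGE_INCLUDEENCRYPTION", 1 );
'''

if __name__ == "__main__":
    print(audit_encryption_flag(SAMPLE))
```

The sample reports the flag as disabled even though a later line sets it to 1, because the earlier active definition takes precedence; more than one value in the returned list is itself worth flagging in a configuration review.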
After you enable the encryption module, the admin portal displays the encryption option.
If an optional master password is specified, then retain the password for future use.
Without this password the encryption module cannot encrypt or decrypt files in FileCloud storage.
To manage encryption:
- Open a browser and log in to the admin portal.
- From the left navigation pane, under SETTINGS, select Settings.
- Select the Storage tab and then the My Files sub-tab.
- An Encryption option now appears.
- To open the Manage Storage Encryption screen, click Manage.
You can set an optional password:
- When you set a password while enabling encryption, you may create a recovery key.
- This recovery key is a private key file, which can be used to reactivate the encrypted filesystem in the case of a lost password.
- If the recovery key option is selected, the recovery key file becomes available for download only once.
- Once the recovery key is downloaded, the option to download it is not shown again.
- To set an optional password, in Encryption Password, type in a strong password.
- To perform the necessary initialization of the encryption module, click Enable Encryption.
Once encryption is successfully initialized, another step is necessary if your FileCloud server had existing files in local storage.
If your local storage already contains files:
If there are unencrypted files in the existing storage system, another screen is shown.
- Click Encrypt All to encrypt the existing files.
- When all the existing files are encrypted, the status window provides you with a Note.
If your local storage doesn't contain pre-existing files:
- You will not see an Encrypt All button.
- Your system is already in a fully-encrypted state.