I am trying to get my head around a clean and secure setup for my data store.
Currently I have NC running in Docker on a Raspi on Raspbian Jessie. There is no proper data directory yet, but I just bought the hardware.
My current plan is: have my clients store their files in NC and have the NC server do regular backups on Amazon Cloud Drive. As they now offer unlimited storage, this seems a good idea. But obviously I don’t want to store them unencrypted, either on Amazon or locally.
NC offers server-side encryption, but in my eyes this seems to be fairly easy to bypass. It may be that I don’t know enough about the mechanism, but AFAIK you can decrypt all files once you get your hands on the physical server. Also, an overhead of 35% on file size is not so appealing.
My second idea was to use EncFS to create a locked FUSE file system that I would easily be able to back up on Amazon. But EncFS is only available in the insecure 1.7.4 for Raspbian in the repo, and it also seems to be a bitch to compile.
eCryptfs currently seems the way to go. But I need to provide the password on each reboot. Might be the only way without storing the secret locally, yet is there maybe an idea I didn’t come across yet?