Am I misunderstanding or is the only way to enable encrypted remotes is to enable encryption on the primary storage as well?
What do you understand under “encrypted remotes”? If you use some kind of hard disk encryption on e.g. your remote PC, this doesn’t require an encryption of the primary storage.
I understand there is an option to disable home storage encryption on the page.
I also understand this lovely warning when enabling server-side encryption:
Once encryption is enabled, all files uploaded to the server from that point forward will be encrypted at rest on the server. It will only be possible to disable encryption at a later date if the active encryption module supports that function, and all pre-conditions (e.g. setting a recover key) are met.
I don’t want the files stored locally to be encrypted, and the error above specifies they will be encrypted.
My setup also uses S3 as primary storage, so not sure if that would negate the “home” encryption option.