Server-side encryption with OIDC Auth Backend

Hello dear Nextcloud folks,

I am running an open Nextcloud instance for my customers and blog readers, with no encryption set yet. I wanted to activate encryption, but I am using a Keycloak authentication backend for login, so no pw is stored on the server. How does it work then, what options do I have, using a master key? I don't find it well documented in the Nextcloud docs.

Will enabling encryption do the job, and will Nextcloud use encryption as soon as the user logs in again via Keycloak?

Can I use the occ encrypt all command only when the user has relogged in for the first time?

Do any of you have experience with that?

Greetings!

Anyone here that has a similar setup? It should be the same with other auth backends.

No solution. But server side encryption is only a security feature if you use external storage at another hoster e.g. object storage S3 at Amazon, … Where do you host your Nextcloud and where your data?

If both are on the same server, then the admin and/or hoster can decrypt it in seconds.