What is the value of NC encryption over encrypted local storage?

So, I have set-up NC a while back with encryption enabled, and my locally-attached storage is also encrypted (the key is not on the server, I need to manually unlock the drive every time the server boots-up).

Now that I have been runninc NC for some time, I know the architecture better, I think, and I’m therefore wiser, I hope.

I am wondering what attack scenario having NC encrypion enabled protects me against.

  • Someone steals my hardware => already protected by disk-level encryption.
  • Someone breaks into the NC app (containerised) => they can decrypt the files because they have the same privilieges as the app (access to keys, database, etc.)
  • Someone breaks into another container on the same machine, and manages to break out of the container. If they don’t have root => they will be blocked by file-system permissions, if they do, they can get into the NC container, get the keys, etc.

Don’t get me wrong, I think encryption is useful in some scenarios, like if you store your data on storage that you do not control (remote storage, cloud, virtual servers, etc.).

Given the extra performance cost of NC encryption, I am very tempted to just turn it off and decrypt everything. But before I do so, I just wanted to open the coversation here to check that I am no missing something.

The above (storage that is remote from your Nextcloud Server itself) is the primary use case for the Server-side Encryption feature.