Thank you for the response. I am with you 100% on backups. My real question was, How does one backup crypto volume metadata? Given that it can be backed up, clearly it should be, but there is no information in any of the cited documentation as to where the metadata is or how to back it up.
Thanks! Nathan > Does a softraid(4) crypto volume require metadata backup? (I am > running amd64 OpenBSD 6.9 if it is relevant, will probably > upgrade in the next few months.) > > I understand FreeBSD GELI (e.g.) requires such a backup to protect > against crypto-related metadata corruption rendering the encrypted > volume inaccessible. > > Neither the OpenBSD disk FAQ nor the man pages for softraid(4) or > bioctl(8) have anything to say about the matter. Web searches also > turn up no relevant information. Storage requires backup. Encrypted storage is (by design) more fragile than unencrypted storage. Sounds like you are trying to protect against ONE form of storage failure and avoid the solution you really need to have: a good backup system, to deal with *all* forms of storage failure. I'd suggest a good backup system...to deal with ALL forms of data loss. Yes, encrypted storage implies a certain care has to be taken with the backups as well, you need to pick a solution that is appropriate for your needs -- or accept that yeah, stuff will go bye-bye someday. I don't see a benefit to trying to protect against some single failure mode when all the other failure modes still exist. If you have good backups, you are good. If you don't, dealing with a 1% problem isn't going to change much. Nick.
