Example Data Encryption Configuration

When configuring the FD, use the keys generated above in a FD configuration file that will look something like the following:

FileDaemon bacula-fd.conf

FileDaemon {
    Name = example-fd
    FDport = 9102    # where we listen for the director
    WorkingDirectory = /opt/bacula/working
    Pid Directory = /var/run
    Maximum Concurrent Jobs = 20

    PKI Signatures = Yes   # Enable Data Signing
    PKI Encryption = Yes   # Enable Data Encryption
    PKI Keypair = "/opt/bacula/etc/fd-example.pem"   # Public and Private Keys
    PKI Master Key = "/opt/bacula/etc/master.cert"   # ONLY the Public Key
}

You must restart your File Daemon after making this change to the file.

Note

The PKIMasterKey directive is not mandatory, but if used will allow you to decrypt the files if ever the FD PKIKeypair is lost. If you loose the FD’s PKIKeypair, you will not be able to recover your data unless you have used a PKIMasterKey.

See also

Go back to:

• Encryption Technical Details

• Generating Encryption Keys

• Data Encryption Configuration

Go to:

• Decrypting with Master Key

Go back to the File Daemon Data Encryption chapter.

Go back to the main Data Encryption chapter.

Go back to the main Advanced Features Usage page.