Compatibility between Encrypted and Unencrypted Volumes

CommunityEnterprise

The Volume contains a flag in the header of the first block which indicates whether the Volume is encrypted or not. This status is represented by the VolEncrypted field in the Catalog.

Volumes initialized using Bacula Enterprise Edition version 14.0 or earlier, characterized by the BB02 label format, can be read and appended in version 16 and later.

Volumes initialized or appended using version 16.0 and later, characterized by the BB03 label format, cannot be read with version 14.0 or prior versions.

Note

Bacula does not mix encrypted and unencrypted data inside the same Volume.

Volumes that have been labeled or relabeled on a Device with the directive Volume Encryption are classified as encrypted. Other Volumes, including those initialized with the BB02 format using version 14.0 or earlier, are regarded as unencrypted.

If you enable encryption on your current devices, the unencrypted volumes labeled BB03 can still be read normally. Therefore, it is possible to restore, copy, or migrate data from unencrypted volumes using devices with encryption enabled. However, it is not possible to append encrypted data to these unencrypted volumes. These volumes can be reused normally; in that case, the data written to them will be encrypted.

See also

Previous articles:

• What is Encrypted

Next articles:

• New Storage Daemon Directives

• key-manager Script and Using Master Key

• Best Practices with Volume Encryption

Go back to: Storage Daemon Data Volume Encryption.