Encryption

Encryption converts your data into an output indistinguishable from random bytes that's impossible to reverse without a key. Without encryption, accessing your data on any server—whether physical or virtual—is merely a question of administrative access: the hosting provider, law enforcement with a warrant, or any attacker who compromises the system can simply read your files.

Full-disk Encryption

Server hard disks should be encrypted with a key or passphrase that you control. The passphrase is entered during the server's boot process to decrypt the data for use.

We recommend using full-disk encryption software such as LUKS.

Keys to the kingdom 🔑

Losing your encryption key means nobody can read the data, including you!

Keep your encryption keys safe, for example, by storing them in a password manager.

Read Hetzner's guide for enabling full-disk encryption on a Hetzner-hosted server.

Before encrypting, taking a snapshot and backing up your data ensures you can recover if anything goes wrong.
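
To confirm which mounted filesystems actually sit on a LUKS volume once encryption is set up, the following added example (not part of the original guide) parses `lsblk` output and lists every mount point with no dm-crypt layer beneath it. The function names and the sample device layout are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` output on
# stdin and prints every mount point with no dm-crypt (LUKS) layer beneath it.
# Assumption: each device has one parent (multi-parent RAID is not handled).
unencrypted_mounts() {
    awk '
    # Return the value of KEY="value" from one --pairs line.
    function field(line, key,    re, s) {
        re = "(^| )" key "=\"[^\"]*\""
        if (!match(line, re)) return ""
        s = substr(line, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    {
        k = field($0, "KNAME")
        parent[k] = field($0, "PKNAME")
        kind[k] = field($0, "TYPE")
        m = field($0, "MOUNTPOINT")
        if (m != "") mount[k] = m
    }
    END {
        for (k in mount) {
            enc = 0; d = k; n = 0
            # Walk towards the physical disk; stop at the first crypt layer.
            while (d != "" && n++ < 16) {
                if (kind[d] == "crypt") { enc = 1; break }
                d = parent[d]
            }
            if (!enc) print mount[k]
        }
    }' | sort
}

# Constructed sample: LUKS on sda2 with LVM on top, plain /boot and /srv/data.
sample_lsblk() {
    cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="[SWAP]"
KNAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sdb1" PKNAME="sdb" TYPE="part" MOUNTPOINT="/srv/data"
EOF
}

# On a real server: lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT | unencrypted_mounts
sample_lsblk | unencrypted_mounts
```

An unencrypted `/boot` is expected on many LUKS setups, because the boot loader has to read the kernel before the passphrase is entered. Any other mount point in the output holds data in the clear.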

Key Escrow

Some cloud hosting providers offer server-side encryption or key escrow. We recommend avoiding these features, since they let the hosting provider decrypt your data without your knowledge or permission. Store your encryption keys where only you can access them.