I’m looking for secure storage options for my Nextcloud VPS instance. My ideal scenario would be to find geographically distributed 256-bit encrypted storage where I control the encryption keys.
Nextcloud’s encryption features are completely worthless: The server-side encryption stores the keys on the filesystem and anyone with root access can decrypt the files. No one can access my filesystem without root access anyway. And the end-to-end encryption is too buggy to be reliable.
So far, the best setup I’ve found is to connect encrypted Backblaze B2 Cloud Storage as external storage to my Nextcloud instance. Backblaze holds the encryption keys for that though, so they have the ability to access my files. I can also use Cryptomator for end-to-end encryption, though it’s not as tightly integrated as I would like.
Are there any external storage solutions for Nextcloud that have end-to-end encryption where I control the keys? It seems like there would be a market for end-to-end encrypted S3-compatible object storage.
What about VPS providers that allow full-disk encryption? If I could set up Nextcloud on a VPS with full-disk encryption, I think that would be one of the more secure options.