Skip to content

docs(admin): restructure and update server-side encryption documentation #13754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

docs(admin): restructure and update server-side encryption documentation #13754

wants to merge 6 commits into from

Conversation

joshtrichards
Copy link
Member

@joshtrichards joshtrichards commented Oct 5, 2025
edited
Loading

This PR updates and improves the server-side encryption documentation.

  • Adds context about "encryption" to help readers understand Server-Side Encryption (SSE) in relation to other encryption solutions (within Nextcloud and those provided by operating systems, etc.).
  • Improves clarity throughout the documentation.
  • Reorganizes and streamlines content for better readability.
  • Adds additional reference links.
  • Fixes outdated comments and notes.
  • Expands and clarifies information on key management modes and encryption methods.
  • Consolidates encryption troubleshooting entries from the General Troubleshooting chapter, bringing all related troubleshooting content together.

Note: In-depth implementation details remain in the dedicated "Details" chapter, which is not affected by this PR.. Same goes for occ encryption section in the occ command reference chapter.

☑️ Resolves

Follow-up items:

🖼️ Screenshots

(works better if you open the screenshot image in a new tab then clicked on again to view it full-size)

image

@joshtrichards
refactor(admin): Rewrite Server-Side Encryption chapter
d6828a7 
Updated the server-side encryption documentation.

- Reorganized and streamlined
- Improved clarity throughout
- Fixed a few outdated comments/notes
- Additional reference links
- Added context of "encryption" to help reader understand SSE in the context of other encryption solutions (both within Nextcloud and provided by their OS/etc)
- Expanded/clarified key management modes and encryption methods a bit

Signed-off-by: Josh <[email protected]>
@joshtrichards joshtrichards added this to the Nextcloud 33 milestone Oct 5, 2025
@joshtrichards joshtrichards mentioned this pull request Oct 9, 2025
Open
This was linked to issues Oct 9, 2025
Warn about clear paths with Server Side Encryption (SSE) #13722
Open
Improvements for the encryption section #5282
Open
@joshtrichards
docs(encryption): Add links to occ encryption in cmd ref guide
99c7075 
Added a tip for further encryption command examples and details.

Signed-off-by: Josh <[email protected]>
@joshtrichards joshtrichards mentioned this pull request Oct 9, 2025
Open
20 tasks
@joshtrichards
refactor: Integrate encryption troubleshooting sections
17b8cf1 
Moved them all to the Encryption chapter rather than having them split between there and the general troubleshooting chapter.

And cleaned up some grammar and typos.

Signed-off-by: Josh <[email protected]>
@joshtrichards
reactor: consolidate encryption troubleshooting into enc. chapter
9a30dfb 
Signed-off-by: Josh <[email protected]>
@joshtrichards joshtrichards changed the title refactor(admin): Rewrite Server-Side Encryption chapter docs(admin): restructure and update server-side encryption documentation Oct 13, 2025
@Toorero
Copy link

Toorero commented Oct 15, 2025

It would be cool if you could mention that occ:fix-encrypted-version will (most likely) lead to data loss on the corrupted files since it will "just" roll-back to the most recent version that has a valid signature discarding more recent versions with signature errors.

alexanderdd
alexanderdd reviewed Oct 16, 2025
View reviewed changes
Copy link
Contributor

@alexanderdd alexanderdd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for working on this. Sorry, I don't have time to look at this at the moment.

@joshtrichards
Copy link
Member Author

fix-encrypted-version will (most likely) lead to data loss on the corrupted files since it will "just" roll-back to the most recent version that has a valid signature discarding more recent versions with signature errors.

@Toorero Can you clarify? The "version", in the context of SSE, is the encryption metadata version (not File Versions). The command just tries a bunch of different possible encryption versions. It doesn't touch file content or roll back to any prior file versions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexanderdd alexanderdd alexanderdd left review comments

@artonge artonge artonge approved these changes

@weizenspreu weizenspreu Awaiting requested review from weizenspreu

@PVince81 PVince81 Awaiting requested review from PVince81

@schiessle schiessle Awaiting requested review from schiessle

@rakekniven rakekniven Awaiting requested review from rakekniven

@come-nc come-nc Awaiting requested review from come-nc

Assignees

No one assigned

Labels

3. to review feature: encryption (client-side) feature: encryption (server-side) manual: admin

Projects

None yet

Milestone

Nextcloud 33

Development

Successfully merging this pull request may close these issues.

Warn about clear paths with Server Side Encryption (SSE) Improvements for the encryption section

4 participants

@joshtrichards @Toorero @artonge @alexanderdd