[JamesAdir]

Hetzner are great but you can't encrypt Hetzner Storage boxes. How do you keep your setup secured?

[V__]

Most of my files are private but not sensitive, so I basically just trust them for those. A few sensitive files, which don't fit on the encrypted VPS, are encrypted classically using Veracrypt. I hope Nextcloud will support encrypting externally in the future, but for my use case it's not a big deal.

[JamesAdir]

Thanks for the answer. So you've created a VeraCrypt file on your nextcloud folders?

[V__]

Yes, it gets synched just like any other file inside my Nextcloud. However, if you have to often change the data inside, it might not be a suitable solution, since the file has to be uploaded as a whole. If it's a big container, it might be cumbersome to upload a few gig each time you make a small change.

[JamesAdir]

Yes. Cryptomator is better in this regard.

[V__]

I will have to take a look, thanks for the recommendation.

[KennyBlanken]

Nextcloud supports e2ee with a variety of controls, specifically for object storage on an untrusted host.

[JamesAdir]

The keys are stored in the a folder on the server. I don't think it's good enough.