This repository has been archived by the owner on Dec 2, 2022. It is now read-only.

Determine how to deal with encryption during server migrations #39

Open
artis3n opened this issue Jan 29, 2018 · 1 comment
artis3n commented Jan 29, 2018

Without recovering the encryption keys or decrypting all data, migrating to a new Nextcloud installation will cause all files to be unrecoverable.

We can either:

  • grab the encryption keys from these locations and copy them onto the new installation as part of a migration playbook
    • `data/<user>/files_encryption`
      • Users’ private keys and all other keys necessary to decrypt the users’ files
    • `data/files_encryption`
      • private keys and all other keys necessary to decrypt the files stored on a system wide external storage
    • If the keys are not there, run `occ encryption:show-key-storage-root` to get the current location of the keys

or

  • run `occ encryption:decrypt-all [username]` to decrypt all data before migrating it to the new system
    • this would take forever. Probably do not want this.
@artis3n artis3n closed this as completed Jan 29, 2018
@artis3n artis3n reopened this Jan 29, 2018
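
The first option in the comment above, sketched as an added shell example (not code from this repository): it finds the key directories at the two default locations listed and packs them into an owner-only tar archive for transfer to the new installation. The function names, the data directory argument and the output path are assumptions for illustration.

```shell
#!/bin/sh
# Added example: collect Nextcloud encryption key directories for a migration.
# Assumes the default layout named in the issue; function names are hypothetical.

# Print key directories relative to the data directory, one per line.
list_key_dirs() {
    (
        cd "$1" || exit 1
        # System-wide keys: data/files_encryption
        if [ -d files_encryption ]; then echo files_encryption; fi
        # Per-user keys: data/<user>/files_encryption
        for d in */files_encryption; do
            if [ -d "$d" ]; then echo "$d"; fi
        done
    )
}

# Pack every key directory under DATA_DIR ($1) into the tar file OUT ($2).
# Returns 2 when no keys are found at the default locations.
archive_keys() {
    key_dirs=$(list_key_dirs "$1") || return 1
    if [ -z "$key_dirs" ]; then
        echo "no key directories under $1;" \
             "run 'occ encryption:show-key-storage-root' to locate them" >&2
        return 2
    fi
    (
        umask 077      # the archive holds private keys: owner-only access
        set -f         # no globbing while the list is expanded
        IFS='
'                      # split on newlines only, so names with spaces survive
        # shellcheck disable=SC2086
        tar -cf "$2" -C "$1" $key_dirs
    )
}

# Stand-alone use: script.sh /path/to/nextcloud/data /secure/path/keys.tar
if [ "$#" -eq 2 ]; then
    archive_keys "$1" "$2"
fi
```

The archive contains private key material, so it should travel over an authenticated, encrypted channel and be removed from both hosts once the keys are restored with the same relative paths.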
@abefleming

I think it would make sense to leave encryption off by default, as most people who would use Nextcloud utilize it internally, and would also prefer better performance to better security. It should be available as a configuration option, but not by default.

As for moving the user files to a new instance, it is stated that moving the data directory is not supported and can cause issues (Nextcloud forum on Data Dir).

One option for users is to create a local backup by syncing Nextcloud to their local machine. Once the new Nextcloud instance is available, simply sync the backup to the new Nextcloud sync directory. I have not found a way to move the files personally without some kind of rather roundabout way, since Nextcloud will only recognize files that are indexed during syncing, and not when they are added into the data directory on the server side.
