I don’t do full disk encryption on my backups. I use duplicity and encrypt the backups with three gpg keys: one that is for the IT department with a known passphrase, one for the business with a different known passphrase, and my personal key.
I’m a one-man show but I set this up with the future in mind. Different data might not have all three keys, but this arrangement allows me to spin off bits of the data management as needed. The passphrases can be changed as/when needed without invalidating old backups.
Combined with ssh certificates it helps organize my IT needs.
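A check that fits the multi-key arrangement described in the comment above, added here as an example and not the commenter's own script: it reads `gpg --list-packets` output for a backup volume and reports which expected recipient keys the volume is not encrypted to. The key IDs, the sample packet listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a backup volume is encrypted to every expected recipient.
# All key IDs are constructed placeholders, not real keys.

# Encryption-subkey IDs expected for this dataset (hypothetical: IT, business, personal).
# gpg records the encryption *subkey* ID in each packet, not the primary key ID.
EXPECTED_KEYIDS="AAAA1111AAAA1111 BBBB2222BBBB2222 CCCC3333CCCC3333"

# Constructed sample of `gpg --list-packets` output for one encrypted volume.
sample_packets() {
cat <<'EOF'
:pubkey enc packet: version 3, algo 1, keyid aaaa1111aaaa1111
	data: [2048 bits]
:pubkey enc packet: version 3, algo 1, keyid CCCC3333CCCC3333
	data: [2048 bits]
:encrypted data packet:
	length: unknown
	mdc_method: 2
EOF
}

# Read a packet listing on stdin; print each recipient key ID once, upper-cased.
recipient_keyids() {
  sed -n 's/^:pubkey enc packet:.* keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
    tr 'a-f' 'A-F' | sort -u
}

# Read a packet listing on stdin; print every expected key ID that is absent.
# Hidden recipients appear as keyid 0000000000000000 and so count as absent.
missing_recipients() {
  found="$(recipient_keyids)"
  for want in $EXPECTED_KEYIDS; do
    printf '%s\n' "$found" | grep -qxF "$want" || printf '%s\n' "$want"
  done
}

# Against a real volume (needs gpg; the path is a placeholder):
#   gpg --batch --list-packets /path/to/volume.gpg 2>/dev/null | missing_recipients
```

Empty output means every expected recipient is present. For datasets that intentionally omit a key, set `EXPECTED_KEYIDS` per dataset.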