Skip to content

docs(admin): restructure and update server-side encryption documentation#13754

Merged
joshtrichards merged 6 commits intomasterfrom
jtr/refactor-admin-sse-cfg-chapter
Feb 24, 2026
Merged

docs(admin): restructure and update server-side encryption documentation#13754
joshtrichards merged 6 commits intomasterfrom
jtr/refactor-admin-sse-cfg-chapter

Conversation

@joshtrichards
Copy link
Copy Markdown
Member

@joshtrichards joshtrichards commented Oct 5, 2025
edited
Loading

This PR updates and improves the server-side encryption documentation.

  • Adds context about "encryption" to help readers understand Server-Side Encryption (SSE) in relation to other encryption solutions (within Nextcloud and those provided by operating systems, etc.).
  • Improves clarity throughout the documentation.
  • Reorganizes and streamlines content for better readability.
  • Adds additional reference links.
  • Fixes outdated comments and notes.
  • Expands and clarifies information on key management modes and encryption methods.
  • Consolidates encryption troubleshooting entries from the General Troubleshooting chapter, bringing all related troubleshooting content together.

Note: In-depth implementation details remain in the dedicated "Details" chapter, which is not affected by this PR.. Same goes for occ encryption section in the occ command reference chapter.

☑️ Resolves

Follow-up items:

🖼️ Screenshots

(works better if you open the screenshot image in a new tab then clicked on again to view it full-size)

image

@joshtrichards joshtrichards added this to the Nextcloud 33 milestone Oct 5, 2025
@joshtrichards joshtrichards mentioned this pull request Oct 9, 2025
Closed
This was linked to issues Oct 9, 2025
Warn about clear paths with Server Side Encryption (SSE) #13722
Closed
Improvements for the encryption section #5282
Closed
@joshtrichards joshtrichards mentioned this pull request Oct 9, 2025
Open
20 tasks
@joshtrichards joshtrichards changed the title refactor(admin): Rewrite Server-Side Encryption chapter docs(admin): restructure and update server-side encryption documentation Oct 13, 2025
@Toorero
Copy link
Copy Markdown

Toorero commented Oct 15, 2025

It would be cool if you could mention that occ:fix-encrypted-version will (most likely) lead to data loss on the corrupted files since it will "just" roll-back to the most recent version that has a valid signature discarding more recent versions with signature errors.

alexanderdd
alexanderdd reviewed Oct 16, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@alexanderdd alexanderdd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for working on this. Sorry, I don't have time to look at this at the moment.

@joshtrichards
Copy link
Copy Markdown
Member Author

joshtrichards commented Oct 16, 2025

fix-encrypted-version will (most likely) lead to data loss on the corrupted files since it will "just" roll-back to the most recent version that has a valid signature discarding more recent versions with signature errors.

@Toorero Can you clarify? The "version", in the context of SSE, is the encryption metadata version (not File Versions). The command just tries a bunch of different possible encryption versions. It doesn't touch file content or roll back to any prior file versions.

@schiessle
Copy link
Copy Markdown
Member

schiessle commented Oct 21, 2025
edited
Loading

@joshtrichards thanks for working on it. One suggestion from my side. We should mention that user keys have some draw backs which can easily irritate users.

A example I use all the time: Think about a group share, the moment you share a file with a group Nextcloud will take the public keys of all group members and encrypt the file-key with it. With large groups this can have a (huge) performance impact. If a admin adds later additional users to the group they will see the file shared with the group but they will not be able to decrypt it because they where not part of the group when the file-key was encrypted. This can lead to a lot of confusion and 1st level support request like "i can't open a file shared with me", "nextcloud is broken", etc.

@blizzz blizzz modified the milestones: Nextcloud 33, Nextcloud 34 Feb 16, 2026
@joshtrichards joshtrichards mentioned this pull request Feb 24, 2026
Open
@joshtrichards
refactor(admin): Rewrite Server-Side Encryption chapter
d4ef265 
Updated the server-side encryption documentation.

- Reorganized and streamlined
- Improved clarity throughout
- Fixed a few outdated comments/notes
- Additional reference links
- Added context of "encryption" to help reader understand SSE in the context of other encryption solutions (both within Nextcloud and provided by their OS/etc)
- Expanded/clarified key management modes and encryption methods a bit

Signed-off-by: Josh <josh.t.richards@gmail.com>
@joshtrichards
chore: add back referenced label
6324e4d 
Signed-off-by: Josh <josh.t.richards@gmail.com>
@joshtrichards
fix: additional clarification within Limitations section
828c4cd 
Signed-off-by: Josh <josh.t.richards@gmail.com>
@joshtrichards
docs(encryption): Add links to occ encryption in cmd ref guide
669b21b 
Added a tip for further encryption command examples and details.

Signed-off-by: Josh <josh.t.richards@gmail.com>
@joshtrichards
refactor: Integrate encryption troubleshooting sections
1f36994 
Moved them all to the Encryption chapter rather than having them split between there and the general troubleshooting chapter.

And cleaned up some grammar and typos.

Signed-off-by: Josh <josh.t.richards@gmail.com>
@joshtrichards
reactor: consolidate encryption troubleshooting into enc. chapter
a9a1888 
Signed-off-by: Josh <josh.t.richards@gmail.com>
@joshtrichards joshtrichards force-pushed the jtr/refactor-admin-sse-cfg-chapter branch from 9a30dfb to a9a1888 Compare February 24, 2026 14:11
@joshtrichards
Copy link
Copy Markdown
Member Author

joshtrichards commented Feb 24, 2026

/backport to stable33

@joshtrichards
Copy link
Copy Markdown
Member Author

joshtrichards commented Feb 24, 2026

/backport to stable32

@joshtrichards joshtrichards merged commit f80e42c into master Feb 24, 2026
12 checks passed
@joshtrichards joshtrichards deleted the jtr/refactor-admin-sse-cfg-chapter branch February 24, 2026 14:15
This was referenced Feb 24, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexanderdd alexanderdd alexanderdd left review comments

@artonge artonge artonge approved these changes

@weizenspreu weizenspreu Awaiting requested review from weizenspreu

@PVince81 PVince81 Awaiting requested review from PVince81

@schiessle schiessle Awaiting requested review from schiessle

@rakekniven rakekniven Awaiting requested review from rakekniven

@come-nc come-nc Awaiting requested review from come-nc

Assignees

No one assigned

Labels

3. to review feature: encryption (client-side) feature: encryption (server-side) manual: admin

Projects

None yet

Milestone

Nextcloud 34

Development

Successfully merging this pull request may close these issues.

Warn about clear paths with Server Side Encryption (SSE) Improvements for the encryption section

6 participants

@joshtrichards @Toorero @schiessle @artonge @alexanderdd @blizzz