I believe I’ve read in Telegram someone from Start9 saying that “if someone has physical access to your server, that’s equivalent to having root access”.
I’d love to understand more, if someone could elaborate on that. Specifically:
Does it make any difference whether the server is turned on or off?
Are any of the following services effective at encrypting data at rest?
Bitwarden
LND
RTL
Nextcloud (it seems it can encrypt data but I’ve read that the keys would be on the same server, so I’m assuming that doesn’t count)
File Browser
Is disk encryption on the roadmap and if so, what is the priority?
Backups seem to be encrypted with the password, is that the case?
If an attacker gains unrestricted physical access to your server, they can mount any number of attacks against it to retrieve data, depending on their technical expertise.
The only real solution is to restrict physical access as much as possible in the first place.
Depending on your budget and threat model, this can be done by keeping the server in a locked or even guarded server room/closet that is connected to an alarm system and where only authorized personnel have the specific key or pass code.
Another option is hiding your server in plain sight.
Setting up full at-rest disk encryption would be a problem, especially since you would have to physically enter a password whenever you boot up or restart your server. (You might not always be in the same location.)
Other members of the team with more in-depth knowledge of the specific way that services handle encryption might be able to give you more specific information.
Backups are indeed encrypted with your master password, so if you have set up a strong password they should be fine.
To add to this - basic disk encryption (naively) exists in StartOS, as a foundation for solving this problem in the future. Furthermore, some services have their own encryption, such as Vaultwarden. These abilities will evolve in the coming years. Stay tuned.