VirtualBox

Opened 8 years ago

Last modified 8 years ago

#15507 new enhancement

Add warning/export to Media manager "Remove" for encrypted disks

Reported by: scottgus1bug Owned by:
Component: GUI Version: VirtualBox 5.0.20
Keywords: Cc:
Guest type: all Host type: all

Description

I found, as reported here: https://forums.virtualbox.org/viewtopic.php?f=1&t=78137&p=364039#p364039 that when an encrypted disk is removed from the Media Manager, the encryption keys in the guest's .vbox file are deleted without warning.

There are legitimate reasons why a person might need to remove a disk from the Media Manager and re-attach it to a guest. One reason that I have experienced is that one may find that multiple virtual disks on a single host drive eventually result in host-drive bandwidth limitations, which could be resolved by moving one of the guest's virtual disks to another host drive. This requires completely removing the disk from VirtualBox so the path can be changed, and re-registering the drive with the guest.

If one is encrypting one's drives, at present such a solution would result in a dead drive, with no warning and no recovery, unless one had backed up the .vbox file. And even if one had backed up the .vbox, there seems to be no way that I've seen to get the encryption keys back into the original .vbox without shutting down all VirtualBox processes and manually editing the keys back in.

I would suggest a warning popup in the Media Manager when one clicks Remove on an encrypted drive, saying that removing an encrypted drive will result in removal of the encryption keys for that drive from the .vbox definition file. The popup could provide an opportunity to export the keys to a user-defined file.

Also, in the Add a Disk wizard when one chooses an existing disk to add to a guest, there could be a choice to mark the added drive as encrypted and import the keys from the user's file.

Thirdly, since the encryption keys are so essential, there could be a new button in the Media Manager, active when an encrypted disk is selected, to export the keys for backup purposes.

None of these exporting/importing functions would compromise security, since the keys are readable in any XML-aware text editor, and the secret password is also needed to use the disk.

Thanks for taking a look at this!
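Until such an export exists in the GUI, the key material can be copied out of the .vbox file before a disk is removed. The script below is an added example, not part of the ticket and not VirtualBox code: it assumes the keys are stored as `Property` elements whose names start with `CRYPT/` (such as `CRYPT/KeyStore`) under each `HardDisk` entry of the media registry, and it runs on a constructed sample with placeholder values.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample modelled on a .vbox media registry (layout is an assumption;
# the key store value is a placeholder, not a real key store).
SAMPLE_VBOX = """<?xml version="1.0"?>
<VirtualBox xmlns="http://www.virtualbox.org/">
  <Machine uuid="{11111111-1111-1111-1111-111111111111}" name="demo">
    <MediaRegistry>
      <HardDisks>
        <HardDisk uuid="{aaaaaaaa-0000-0000-0000-000000000001}" location="enc.vdi" format="VDI">
          <Property name="CRYPT/KeyId" value="demo-key"/>
          <Property name="CRYPT/KeyStore" value="Q09OU1RSVUNURUQ="/>
        </HardDisk>
        <HardDisk uuid="{bbbbbbbb-0000-0000-0000-000000000002}" location="plain.vdi" format="VDI"/>
      </HardDisks>
    </MediaRegistry>
  </Machine>
</VirtualBox>
"""

def local(tag):
    """Strip the XML namespace so matching does not depend on the schema URI."""
    return tag.rsplit("}", 1)[-1]

def collect_crypt_properties(vbox_xml):
    """Return {disk uuid: {location, properties}} for every disk with CRYPT/* entries."""
    root = ET.fromstring(vbox_xml)
    found = {}
    for elem in root.iter():
        if local(elem.tag) != "HardDisk":
            continue
        # Direct children only, so a nested child image is reported under its own uuid.
        props = {p.get("name"): p.get("value") for p in elem
                 if local(p.tag) == "Property"
                 and (p.get("name") or "").startswith("CRYPT/")}
        if props:
            found[elem.get("uuid")] = {"location": elem.get("location"),
                                       "properties": props}
    return found

def export_backup(vbox_xml):
    """Serialise the collected key properties as JSON for safekeeping."""
    return json.dumps(collect_crypt_properties(vbox_xml), indent=2, sort_keys=True)

if __name__ == "__main__":
    print(export_backup(SAMPLE_VBOX))
```

To use it on a real guest, pass the text of the guest's .vbox file to `export_backup` while the VM is shut down, and store the result with the same care as the .vbox file itself.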

Change History (1)

comment:1 by Law, 8 years ago

Hello Scott. I really understood your report, but looking into your example, I think you can do it in a very simple way. Shut down the VM, move the VM folder or individual disk images to other host disk arrays and then make symlinks to them. I use this; I have VMs with four or more disks distributed on two or more physical arrays. It is a good idea to redirect, with symlinks to a separate small virtual disk, paths that hold archive logs or spool things, which put a big overhead on disks due to several rewrite operations. If you redirect them to a small virtual disk, the disk can't grow beyond its own size. For example, redirect /var/log /var/spool /var/cache /tmp.
