Enable encryption
#13508
Replies: 1 comment
-
You could create a pool with an encrypted root dataset so they all by default inherit encryptionroot and encryption settings from it, but that has some versatility problems - notably, since the root dataset is special and can't be replaced, and you can't use recv -F with encrypted datasets, you could never undo this. You cannot change a dataset from encrypted to unencrypted or vice-versa in place, no. You also cannot currently have multiple wrapping key sources for one dataset, though someone was just talking about possibly implementing that in the next couple months as a project. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi I have a zfs raid 1 without encryption. But now I would like to encrypt my data. I know I could create a new encrypted dataset and moving all the files to that one getting encrypted. But is it also possible to enable encryption for the root pool itself so that every new pool would derive the encryption settings from the root?
In addition: Is it possible meanwhile to specify a keyfile and passphrase for a pool/dataset altogether? So you could mount it either by keyfile or passphrase?
Beta Was this translation helpful? Give feedback.
All reactions