ZFS dataset encryption

ZFS dataset encryption

Tags :

Category : How-to

Get Social!

ZFS datasets support a host of features to help you manage your storage mounts as effectively as possible. Dataset encryption was added to ZFS in version 30 and can be enabled on a ZFS dataset during dataset creation. As ZFS on Linux in behind the official Solaris release, encryption is not available. ZFS on Linux is currently only at version 28.

You cannot encrypt an existing dataset. You would have to create a new, encrypted dataset, and migrate your data.

To create a dataset volume with encryption, use the following command. Replace [MOUNT POINT] with the location of where to mount the encrypted volume, [ZPOOL] with the name of the existing pool to use and [DATASET NAME] with the name to call the new encrypted dataset.

zfs create -o mountpoint=[MOUNT POINT] [ZPOOL]/[DATASET NAME]

For example:

zfs create -o encryption=on mountpoint=/mnt/homes datastore/homes

Now, you will be asked for a passphrase to use. Enter a passphrase, and then confirm it by typing it a second time. Your encrypted dataset will now be created.

Enter passphrase for 'datastore/homes': xxxxxxxxxxxxxxxxx
Enter again: xxxxxxxxxxxxxxxxx

Finally, check the dataset was created and encrypted:

zfs get encryption datastore/homes
NAME              PROPERTY    VALUE        SOURCE
datastore/homes   encryption  on           local

 


Leave a Reply

Visit our advertisers

Quick Poll

How many Proxmox servers do you work with?

Visit our advertisers