Editing Encryption
Warning: You are not logged in.
Your IP address will be recorded in this page's edit history.The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | Encryption is now native to ZFS, and it is recommended to use that for greater flexibility and compatibility. See | + | Encryption is now native to ZFS, and it is recommended to use that for greater flexibility and compatibility. See the "zpool create -O encryption=on" feature. |
+ | |||
+ | However, the core storage documentation will remain here for those who prefer that method. | ||
== Native ZFS Encryption == | == Native ZFS Encryption == | ||
Line 8: | Line 10: | ||
<code># zpool set feature@encryption=enabled [pool]</code> | <code># zpool set feature@encryption=enabled [pool]</code> | ||
− | On an zpool that supports encryption, | + | On an zpool that supports encryption, a encrypted zfs dataset may be created as follows: |
<code># zfs create -o encryption=on -o keylocation=prompt -o keyformat=passphrase [dataset]</code> | <code># zfs create -o encryption=on -o keylocation=prompt -o keyformat=passphrase [dataset]</code> | ||
Line 18: | Line 20: | ||
<code># zfs mount -l [dataset]</code> | <code># zfs mount -l [dataset]</code> | ||
− | This will prompt for the encryption passphrase for this zfs | + | This will prompt for the encryption passphrase for this zfs dataset. If the encryption passphrase is stored in the Keychain as a generic password under the name of the dataset, security(1) may be used to retrieve the passphrase as follows: |
<code># security find-generic-password -a [dataset] -w | zfs mount -l [dataset]</code> | <code># security find-generic-password -a [dataset] -w | zfs mount -l [dataset]</code> | ||
− | |||
− | |||
Additional helpful information about zfs encryption can be found in the [https://blog.heckel.xyz/2017/01/08/zfs-encryption-openzfs-zfs-on-linux/ How-To: Using ZFS Encryption at Rest in OpenZFS (ZFS on Linux, ZFS on FreeBSD, …)]. | Additional helpful information about zfs encryption can be found in the [https://blog.heckel.xyz/2017/01/08/zfs-encryption-openzfs-zfs-on-linux/ How-To: Using ZFS Encryption at Rest in OpenZFS (ZFS on Linux, ZFS on FreeBSD, …)]. |