John Childermass
Yes, I’m afraid this is another question about encryption! I’ve read a lot of the previous threads, but would like to check I’ve understood. I’m aware that encryption can lead to data loss if I do it wrong, so I’m trying to be careful.
I’m considering using the standard native ZFS encryption in TrueNAS CORE 12 when setting up my pools, primarily so that I don’t have to worry when disposing of drives. I therefore think I’d be happy using keys instead of passphrases. I know this wouldn't help me if someone steals the whole system.
- As long as I download the JSON file from “Export Dataset Keys” and keep this file somewhere secure such as my password manager, does this protect me from the main risk of losing my encrypted data, i.e. losing the keys? Is this file all I need to regain access to those datasets (e.g. if I have to put the drives in a new system)?
- I noticed that not all encrypted datasets are mentioned in the JSON file. Is that because if a dataset simply inherits its encryption from the parent, no extra key is needed?
- I’ve read that the keys are stored in the system dataset. I assume this means that the system dataset itself cannot be encrypted. Does that mean that I should move the system dataset to the boot drive and not keep it on a storage pool, because otherwise if I dispose of those storage disks the encryption keys would potentially be accessible on the disks alongside the datasets that they decrypt?
- Are there any other classic "beginner assumes encryption is automatically a good thing and ends up losing data" pitfalls that I should be aware of?
Thank you in advance!