Recovery process to add encryption key to existing volume

[mike_b]

This is the second time I've struggled with this issue. My Boot USB died (I'm switching to a boot SATA) and I'm left recovering my config and encryption key for my NAS drives. I have recent backups of both.

The problem is that upon importing the configuration, my encrypted volume exists but will not decrypt. I do not have the recovery key, I have the main key (geli.key). From what I've read, I can detach and re-import the volume with my main key? But that means I have to detach the volume. Is there a way to use the main key + passphrase on a volume without detaching it then importing?

http://doc.freenas.org/11/storage.html?highlight=encrypt#importing-an-encrypted-pool

I think it would be good to have a way to supply the main key + passphrase to decrypt an existing volume. Am I correct in thinking right now, the main method for this is to use the recovery key only (no passphrase)?

 

[moelassus]

I just went through this recently when rebuilding and restoring my config. Once you've restored your config your encrypted volume will be in a locked state. I'm not aware of a way to add a key to an existing volume. I simply detached and reimported the volume at which point it allows you to supply the key. When you detach don't select the option to remove share configuration. You want that to remain.