Unlocking a Replication Encrypted Dataset or Zvol
2 minute read.Last Modified 2022-09-29 09:11 EDT
TrueNAS SCALE users should either replicate the dataset/Zvol without properties to disable encryption at the remote end or construct a special JSON manifest to unlock each child dataset/zvol with a unique key.
Replicate every encrypted dataset you want to replicate with properties.
Export key for every child dataset that has a unique key.
For each child dataset construct a proper json with poolname/datasetname of the destination system and key from the source system like this:
Save this file with the extension
On the remote system, unlock the dataset(s) using properly constructed
Uncheck properties when replicating so that the destination dataset is not encrypted on the remote side and does not require a key to unlock.
Go to Data Protection and click ADD in the Replication Tasks window.
Click Advanced Replication Creation.
Fill out the form as needed and make sure Include Dataset Properties is NOT checked.
Go to Storage -> pool/root dataset on the replication system. Click and select Export Key.
Apply the key file or key code to the dataset. Either download the key file, open that file and change the pool name/dataset to the receiving pool name/dataset, or copy the key code provided in the Key window.
On the receiving pool/dataset: Click next to pool/dataset and select Unlock.
Unlock the dataset. Either clear the Unlock with Key file checkbox, paste the Key Code into Dataset Key field (if there is a space character at the end of the key, delete the space), or select the downloaded Key file that was edited.