Setting Up an Encrypted Replication Task

Using Encryption in Replication Tasks

TrueNAS replication allows users to create replicated snapshots of data stored in encrypted pools, datasets or zvols as a way to back up stored data to a remote system. You can use encrypted datasets in a local replication.


Datasets

The Datasets screen and widgets show information about datasets, provide access to data management functions, indicate the dataset roles, list the services using the dataset, show the encryption status, and list the permissions the dataset has in place. The screen focuses on managing data storage including user and group quotas, snapshots, and other data protection measures.

Datasets Screen

The Datasets screen shows No Datasets with a Create Pool button in the center of the screen until you add a pool and the first root dataset.


Encryption Settings

Encrypted datasets (root, non-root parent, and child) and encrypted zvols include the ZFS Encryption widget in the set of dataset widgets displayed on the Datasets screen.

The Datasets tree table includes lock icons and descriptions that indicate the encryption state of datasets.

| Icon | State | Description |
|------|-------|-------------|
| DatasetLockedEncryptionIcon | Locked | Displays for locked encrypted root, non-root parent and child datasets. |
| DatasetUnlockedEncryptionIcon | Unlocked | Displays for unlocked encrypted root, non-root parent and child datasets. |
| DatasetLockedByAncestorEncryptionIcon | Locked by ancestor | Displays for locked datasets that inherit encryption properties from the parent. |
| DatasetUnlockedbyAncestorEncryptIcon | Unlocked by ancestor | Displays for unlocked datasets that inherit encryption properties from the parent. |

Dataset Encryption

The Encryption option on the Pool Manager screen sets encryption for the pool and root dataset.


Storage Encryption

TrueNAS offers ZFS encryption for your sensitive data in datasets and zvols.

Users are responsible for backing up and securing encryption keys and passphrases! Losing the ability to decrypt data is similar to a catastrophic data loss.

Data-at-rest encryption is available with:

The local TrueNAS system manages keys for data-at-rest. Users are responsible for storing and securing their keys. TrueNAS includes the Key Management Interface Protocol (KMIP).
