TrueNAS replication allows users to create replicated snapshots of data stored in encrypted pools, datasets or zvols as a way to back up stored data to a remote system. You can use encrypted datasets in a local replication.
TrueNAS offers ZFS encryption for your sensitive data in datasets and zvols.
Users are responsible for backing up and securing encryption keys and passphrases! Losing the ability to decrypt data is similar to a catastrophic data loss.
Data-at-rest encryption is available with:
The local TrueNAS system manages keys for data-at-rest. Users are responsible for storing and securing their keys. TrueNAS includes the Key Management Interface Protocol (KMIP).
TrueNAS supports dataset and zvol encryption to secure stored data at rest.
Datasets, root, non-root parent, and child, or zvols with encryption include the Encryption widget in the set of dataset widgets shown on the Datasets screen.
The Datasets tree table includes lock icons and descriptions that indicate the encryption state of datasets.
| Icon | State | Description |
|---|---|---|
 | Locked | Displays for locked encrypted root, non-root parent and child datasets. |
 | Unlocked | Displays for unlocked encrypted root, non-root parent and child datasets. |
 | Locked by ancestor | Displays for locked datasets that inherit encryption properties from the parent. |
 | Unlocked by ancestor | Displays for unlocked datasets that inherit encryption properties from the parent. |
The Encryption option on the Pool Manager screen sets encryption for the entire pool.
The Datasets screen and widgets show information about datasets and zvols, provide access to data management functions, indicate the dataset roles, list the services using the dataset, show encryption status, and list permissions for datasets. The screen focuses on managing data storage, including user and group quotas, snapshots, and other data protection measures.
The Datasets screen shows No Datasets and a Create Pool button until you add a pool and the first root dataset.
