From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id A797182B23 for ; Wed, 1 Dec 2021 01:32:20 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 954DE2C8A9 for ; Wed, 1 Dec 2021 01:31:50 +0100 (CET) Received: from mail-yb1-xb2b.google.com (mail-yb1-xb2b.google.com [IPv6:2607:f8b0:4864:20::b2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id D33E02C894 for ; Wed, 1 Dec 2021 01:31:49 +0100 (CET) Received: by mail-yb1-xb2b.google.com with SMTP id v203so58022059ybe.6 for ; Tue, 30 Nov 2021 16:31:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=L4L/mW25oNGK/UWogNDrUaTKqh4eMd8ab7h90Vx6FTc=; b=eZaPddWYjvT60UoWMJGPb9VBYnmNltou+w/PcgjmcnBRIGS2yRGJssxM/S2Unergk4 c9QUQOdaLYb/hK22cgUhfWCRDhHR0JJq6RHrukhRAzVcZjvA/y5BXuWzFm4PcmqOU8y/ 293KtjZ+j0OYvwbbW4fVEzvq2KgZIdupGiZqQrKfWSdXeimYhWYB6A/EiytfHaXdHz/q k1k12yezurHWCuaCSK3mPizWvDxcKUiNwzMEJpfMdxacmJ5Fd4OyJxegv8kMoQH38ANt 1rbe3B1JDHtNa0a69ZZ213Wf10txYyqUuOf6EffpREc0RpHYoEGhbqtDZuxVpLzzKJIj 8YLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=L4L/mW25oNGK/UWogNDrUaTKqh4eMd8ab7h90Vx6FTc=; b=LnjNDicWrNshEgjSe2pij3RCdXAil2bghTtSkwYdGvdNw/PSddGzec1VDZg6OtNZwJ 2kac+oLaP6IkzMy7uL/3b2shQPTEjU1PSJbr0O82fTmFlCDi4eprxpbZg4zyH0Z4FNH/ agOHIHrLKE4HkE2coHxjA8439MAZY02XTbfc3m/kxj5DP1pFz3SYXuGJ80oGy01UxPTb iXgklRwWLscXxqCRjIroSciS4PV+FAoWHwv3nbKfNm+J7LJn03el/I8bnHrKC6gzdVoK T5hUj70XTavbKZ4RHCDV9d4Y/J+Idl/riBNHiAIqqAS4FqAK9qa6Bjw5x7aNlzpaiTwc Oifw== X-Gm-Message-State: AOAM530SeEdUnQwm4jC9IjchN9CCXQpsvqSrH1whebFlwUWzncwlapAQ eYUmayfyaWa9IuRbOanmyO/q8uU3rTKI/8f/lGg= X-Google-Smtp-Source: ABdhPJxDzEXFDD+x/y5ql+6gzEEvmm+3yI9M/EkFlEKysk8DiybpicIPCdGDzsWrEO9y7dBOgh+ggitWcHkTHbJH7sM= X-Received: by 2002:a25:2a03:: with SMTP id q3mr3033951ybq.55.1638318702095; Tue, 30 Nov 2021 16:31:42 -0800 (PST) MIME-Version: 1.0 References: <5a879cf8-ed5a-783a-29a7-6d175b2605f7@proxmox.com> In-Reply-To: From: Eric Abreu Date: Tue, 30 Nov 2021 19:31:31 -0500 Message-ID: To: Thomas Lamprecht Cc: Proxmox VE user list X-SPAM-LEVEL: Spam detection results: 0 AWL 0.175 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain FREEMAIL_ENVFROM_END_DIGIT 0.25 Envelope-from freemail username ends in digit FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider HTML_MESSAGE 0.001 HTML included in message KAM_NUMSUBJECT 0.5 Subject ends in numbers excluding current years RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1 X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Dec 2021 00:32:20 -0000 Hello Thomas, I have repeated the following steps: 1 - Went to PVE Node/ ZFS/ Create ZFS/ 2 - On the dialogue box name = my_pool, Add Storage (check), Select Devices (2 x 1TB disks), RAID Level = Mirror, Compression = off, ashift = 12 3 - Hit Create 4 - Open the command line on my pve node and typed: zpool get feature@encryption my_pool And I got this as a response: NAME PROPERTY VALUE SOURCE my_pool feature@encryption enabled local Does that mean encryption is enabled? Thanks again. On Tue, Nov 30, 2021 at 12:17 PM Eric Abreu wrote: > Hi Thomas, > > Thanks for the quick response. I'm going to repeat the steps to create the > ZFS pool from the web interface and paste them here. I'm pretty sure I did > everything from the dashboard and the encryption was enabled by default. > I'll keep you posted. Thanks again for your help. > > On Tue, Nov 30, 2021 at 3:37 AM Thomas Lamprecht > wrote: > >> Hi, >> >> On 30.11.21 04:36, Eric Abreu wrote: >> > I have created a ZFS pool from Proxmox 7.1 web interface with 2 SSDs in >> > RAID 1. I noticed that everything works fine after I created the pool, >> and >> > ZFS at REST encryption was also enabled. After rebooting the server it >> did >> > not ask for a passphrase so my guess is that Proxmox is getting the key >> > from somewhere in the file system. Anyone could help me find out where? >> >> Well, how did you enable ZFS at rest encryption? As that is something >> that won't >> be done automatically, and the local-storage web-interface/api currently >> does not >> allow to configure that either. >> >> cheers, >> Thomas >> >>