Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1

From: Eric Abreu <abreuer1521@gmail.com>
To: athompso@athompso.net
Cc: Proxmox VE user list <pve-user@lists.proxmox.com>,
	Thomas Lamprecht <t.lamprecht@proxmox.com>
Subject: Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1
Date: Tue, 30 Nov 2021 22:39:46 -0500	[thread overview]
Message-ID: <CACEJK8OD4oLx8=fUrU0DOpzybzMFZb=L9BppKunJNfOgQHhjsg@mail.gmail.com> (raw)
In-Reply-To: <YT2PR01MB462235244657E1D3679BA866AB689@YT2PR01MB4622.CANPRD01.PROD.OUTLOOK.COM>

Ok. Thank you Adam.

On Tue, Nov 30, 2021, 9:58 PM Adam Thompson <athompso@athompso.net> wrote:

> No.  That means that the encryption *feature* is enabled, i.e. you may now
> proceed to encrypt your dataset... if you really want to find out exactly
> how that breaks things, I guess.
> If it came back as disabled, you would not be able to use encryption at
> all on that dataset.
> -Adam
>
> Get Outlook for Android<https://aka.ms/AAb9ysg>
> ________________________________
> From: pve-user <pve-user-bounces@lists.proxmox.com> on behalf of Eric
> Abreu <abreuer1521@gmail.com>
> Sent: Tuesday, November 30, 2021 6:31:31 PM
> To: Thomas Lamprecht <t.lamprecht@proxmox.com>
> Cc: Proxmox VE user list <pve-user@lists.proxmox.com>
> Subject: Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1
>
> Hello Thomas,
>
> I have repeated the following steps:
>
> 1 - Went to PVE Node/ ZFS/ Create ZFS/
> 2 - On the dialogue box name = my_pool, Add Storage (check), Select Devices
> (2 x 1TB disks), RAID Level = Mirror, Compression = off, ashift = 12
> 3 - Hit Create
> 4 - Open the command line on my pve node and typed:
> zpool get feature@encryption my_pool
>
> And I got this as a response:
>
> NAME     PROPERTY            VALUE               SOURCE
> my_pool  feature@encryption  enabled             local
>
> Does that mean encryption is enabled?
>
> Thanks again.
>
> On Tue, Nov 30, 2021 at 12:17 PM Eric Abreu <abreuer1521@gmail.com> wrote:
>
> > Hi Thomas,
> >
> > Thanks for the quick response. I'm going to repeat the steps to create
> the
> > ZFS pool from the web interface and paste them here. I'm pretty sure I
> did
> > everything from the dashboard and the encryption was enabled by default.
> > I'll keep you posted. Thanks again for your help.
> >
> > On Tue, Nov 30, 2021 at 3:37 AM Thomas Lamprecht <
> t.lamprecht@proxmox.com>
> > wrote:
> >
> >> Hi,
> >>
> >> On 30.11.21 04:36, Eric Abreu wrote:
> >> > I have created a ZFS pool from Proxmox 7.1 web interface with 2 SSDs
> in
> >> > RAID 1. I noticed that everything works fine after I created the pool,
> >> and
> >> > ZFS at REST encryption was also enabled. After rebooting the server it
> >> did
> >> > not ask for a passphrase so my guess is that Proxmox is getting the
> key
> >> > from somewhere in the file system. Anyone could help me find out
> where?
> >>
> >> Well, how did you enable ZFS at rest encryption? As that is something
> >> that won't
> >> be done automatically, and the local-storage web-interface/api currently
> >> does not
> >> allow to configure that either.
> >>
> >> cheers,
> >> Thomas
> >>
> >>
> _______________________________________________
> pve-user mailing list
> pve-user@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
> _______________________________________________
> pve-user mailing list
> pve-user@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
>