Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1

From: Adam Thompson <athompso@athompso.net>
To: Proxmox VE user list <pve-user@lists.proxmox.com>,
	Thomas Lamprecht <t.lamprecht@proxmox.com>
Cc: Proxmox VE user list <pve-user@lists.proxmox.com>
Subject: Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1
Date: Wed, 1 Dec 2021 02:58:06 +0000	[thread overview]
Message-ID: <YT2PR01MB462235244657E1D3679BA866AB689@YT2PR01MB4622.CANPRD01.PROD.OUTLOOK.COM> (raw)
In-Reply-To: <CACEJK8MCyAtsz_V4hc42E0cbmk7Qde5zS0LVQr+zw2OrVJYu5w@mail.gmail.com>

No.  That means that the encryption *feature* is enabled, i.e. you may now proceed to encrypt your dataset... if you really want to find out exactly how that breaks things, I guess.
If it came back as disabled, you would not be able to use encryption at all on that dataset.
-Adam

Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: pve-user <pve-user-bounces@lists.proxmox.com> on behalf of Eric Abreu <abreuer1521@gmail.com>
Sent: Tuesday, November 30, 2021 6:31:31 PM
To: Thomas Lamprecht <t.lamprecht@proxmox.com>
Cc: Proxmox VE user list <pve-user@lists.proxmox.com>
Subject: Re: [PVE-User] Where is ZFS encryption key in Proxmox 7.1

Hello Thomas,

I have repeated the following steps:

1 - Went to PVE Node/ ZFS/ Create ZFS/
2 - On the dialogue box name = my_pool, Add Storage (check), Select Devices
(2 x 1TB disks), RAID Level = Mirror, Compression = off, ashift = 12
3 - Hit Create
4 - Open the command line on my pve node and typed:
zpool get feature@encryption my_pool

And I got this as a response:

NAME     PROPERTY            VALUE               SOURCE
my_pool  feature@encryption  enabled             local

Does that mean encryption is enabled?

Thanks again.

On Tue, Nov 30, 2021 at 12:17 PM Eric Abreu <abreuer1521@gmail.com> wrote:

> Hi Thomas,
>
> Thanks for the quick response. I'm going to repeat the steps to create the
> ZFS pool from the web interface and paste them here. I'm pretty sure I did
> everything from the dashboard and the encryption was enabled by default.
> I'll keep you posted. Thanks again for your help.
>
> On Tue, Nov 30, 2021 at 3:37 AM Thomas Lamprecht <t.lamprecht@proxmox.com>
> wrote:
>
>> Hi,
>>
>> On 30.11.21 04:36, Eric Abreu wrote:
>> > I have created a ZFS pool from Proxmox 7.1 web interface with 2 SSDs in
>> > RAID 1. I noticed that everything works fine after I created the pool,
>> and
>> > ZFS at REST encryption was also enabled. After rebooting the server it
>> did
>> > not ask for a passphrase so my guess is that Proxmox is getting the key
>> > from somewhere in the file system. Anyone could help me find out where?
>>
>> Well, how did you enable ZFS at rest encryption? As that is something
>> that won't
>> be done automatically, and the local-storage web-interface/api currently
>> does not
>> allow to configure that either.
>>
>> cheers,
>> Thomas
>>
>>
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user