Posted July 11, 20241 yr Just installed Unraid 7.0.0 beta 1. Nice work guys! Was great to import my ZFS pools from Arch and move back to Unraid. I have an encrypted ZFS dataset called backups with the key located on the USB key. Right now I have this mounting on boot in a roundabout way via adding zfs load-key and mount commands to /boot/config/go: encryption key: -rw------- 1 root root 32 Jul 11 11:49 /boot/config/keys/fastpool-backups.key key location: root@tera ~# zfs get keylocation fastpool/backups NAME PROPERTY VALUE SOURCE fastpool/backups keylocation file:///boot/config/keys/fastpool-backups.key local /boot/config/go #!/bin/bash # Start the Management Utility /usr/local/sbin/emhttp # Load keys for ZFS pools sleep 90 zfs load-key fastpool/backups This seems to work but isn't ideal of obvious reasons. Is there a better way? Thank you Edited July 11, 20241 yr by ensnare
July 11, 20241 yr No, at the moment Unraid only supports LUKS natively. File system level encryption has to be handled manually, which you seem to be doing without issue. You can certainly look through the feature requests area of the forum, and if it's not already requested, add a topic.
August 30, 2024Aug 30 @ensnare I just wrote a small tutorial on how to get ZFS native encryption to "integrate" with unRAID's own LUKS encryption: https://github.com/andrebrait/unraid-native-zfs-encryption See if that's useful to you. The net result is that the experience is identical to using unRAID + LUKS, but it auto-mounts ZFS encrypted datasets too, whe starting up the array.
August 31, 2024Aug 31 One big thing about the approach I used there is that the ZFS key is never exposed unencrypted.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.