October 30, 2025Oct 30 First of all, thank you very much for this plugin. I really like your work.Unfortunately, your plugin doesn't seem to work for me (probably my fault). According to the plugin, there should be an auto unlock. Auto-Unlock ActiveHardware keys will unlock devices at boot.Unlockable Devices: 3 device(s)But I still have to enter the password every time I boot up... :/ What am I doing wrong?
November 20, 2025Nov 20 On 9/28/2025 at 5:22 PM, dhstsw said:Yeah, i ripristinate everything 5 minutes after the event.So i guess i'll have to re-do everything to produce the diagnostics file :-/For now i can tell you (after producing the very detailed encryption info that:-All array disks (4) show: Slot 0: Original encryption key-One standalone disk (i guess one that is mounted with Unassigned Devices) shows: Slot 0: Original encryption key-Pool devices (2) show: 🔐 Slot 0: Original encryption key⭐ Slot 31: ⭐ Hardware-derived (2025-09-28 13:20:42 EEST)So, only the pool devices got the new key in slot 31.Also, i have 3 pool devices (Cache on a sata SSD, another one on an M.2 and another final one on a mechanical disk). The detailed info reports only 2 ( /dev/sdh1 and /dev/sdi1).See attacched report.I'll try again when i'll be drunk enough not to get scared again like 4 hours ago :-/Thanks.luks_analysis_20250928_181429.txt@SpaceInvaderOneI think I'm having the same kind of problem... After rebooting the server there was just one pool decrypted. The second one was shown as 'no filesystem'... Having a look at the keys only the first pool do have the slot 31 key. The second one does not. Before that I changed my router and doing so I uninstalled your plugin, rebooted, used the key/passphrase for decryption of the pools, installed your plugin again and activated auto-decrypt... Hope it helpsNews:after some investigation the second pool did not have ana key at slot 31... I uninstalled the plugin, removed 'slot 31' from the drives of the working pool, reinstalled the plugin and activated 'auto-boot'. After that all drives have the key at slot 31 again. Edited December 9, 2025Dec 9 by DerTom
December 29, 2025Dec 29 On 9/28/2025 at 10:22 AM, SpaceInvaderOne said:Don’t worry, you haven’t lost any data. What’s happened is that your array drives don’t seem to have the extra key in slot 31. On reboot the server was able to unlock the pool automatically, but because that key isn’t present on the array drives, they stayed locked. That’s why they’re showing as “unmountable :wrong filesystem”.Before changing anything, could you please grab a diagnostics file and either attach it here or send it to me in a PM? After that, go into the plugin and disable auto-unlock, then restart the server. When it comes back up, enter your original encryption key manually, that will mount all your drives.Once they’re mounted, open the plugin again, run “Encryption Info” with the “Very Detailed” option, and share the output (either paste it here or PM me). My guess is that slot 31 on the array drives will be empty. The plugin has a safety check that skips adding an extra key if it couldn’t make a header backup, and I think that’s what’s happened in your case.@SpaceInvaderOne I finally got around to giving this plugin a try today and I am having the same problem as the users above. As reported by the plugin, I have 8 LUKS devices: 6 on my main array (4 with LUKS V1 and 2 with LUKS V2) and 2 on my cache pool (both LUKS V2). The plugin would not assign the hardware-derived key on slot 31 to any of my array drives, but it did assign the hardware-derived key on slot 31 to my cache pool drives.I'm not sure if the LUKS version matters, but I don't understand how my array drives got a mix of V1 and V2. All drives were encrypted by various releases of Unraid V6. Judging by which of my drives have which LUKS version, it looks like somewhere in the mid-late Unraid V6 releases (maybe 6.9 or 6.10) the default was changed to V2, and then reverted back to V1 in later releases. Though, this is speculation and I have nothing more than this anecdotal evidence.Also, an additional bug to report, when I removed the Auto-Unlock functionality (since it wasn't going to work for me in this state anyway), it did not remove the Slot 31 hardware-derived key from the cache pool drives! I have a before and after LUKS analysis from your plugin I will share with you, with server diagnostics, via PM.IMHO, this plugin is great and I really hope I get to use it. Happy to help you debug this issue, as long as my data is sufficiently safe as we do it!ThanksJesterEE
December 29, 2025Dec 29 @SpaceInvaderOne i looked at a similar plug-in to yours (a version more complex than I'd prefer tbh), and noticed during attempted setup that of my disks happens to not use the same encryption key for some reason as the others.I assume this is why your plugin didn't work for me out of the box, but I'm not sure why i have no issues with manual decryption. Have you run into this issue? How would I fix this to be able to use your plugin?
February 3Feb 3 Hey, thanks for this plugin. There really needs to be more information like this in the official unraid docs: https://docs.unraid.net/unraid-os/system-administration/secure-your-server/securing-your-data/Sifting through forum posts mixed with older/outdated methods is annoying.
February 3Feb 3 Just now, veganbtw said:Hey, thanks for this plugin. There really needs to be more information like this in the official unraid docs: https://docs.unraid.net/unraid-os/system-administration/secure-your-server/securing-your-data/Sifting through forum posts mixed with older/outdated methods is annoying.I don't find this updated or supported (just haven't seen answers in this thread or updates to the plugin) really. Didn't work that great for me and the ui is a bit confusing. Personally I now use Automatic Disk Unlock (by EDACerton here). Works great and well documented. Edited February 3Feb 3 by Niklas
February 18Feb 18 On 9/26/2025 at 3:38 PM, SpaceInvaderOne said:How It WorksIt's pretty straightforward to set up1. Install the plugin from Community Applications2. Enter your current LUKS passphrase or keyfile once during setup3. The plugin generates a hardware key and adds it to LUKS slot 31 (the last slot)4. From then on, your server auto-unlocks using the hardware fingerprintIf you ever change hardware or move locations, just regenerate the key - takes about 30 seconds.Regarding this last part, I had to change replace a motherboard with the same model and added a new GPU. Otherwise the rest of the hardware is the same; I transferred the storage controller and NIC over.When I tried to generate news keys, it just gives a big yellow banner saying:ERROR ===========================================================Prior to the hardware change, the auto-unlock worked fine.Update: I couldn't access the community apps section, apparently it was some issue with the time sync. When I checked the time setting, it was unsynchronized. Could not get it to sync with the time.Could've been a network issue, but it didn't make sense as I was connecting to it via the network.Ended up re-making a new USB and starting over. Seems to work now. Edited February 18Feb 18 by veganbtw
February 23Feb 23 Is there a way to delete the existing generated keys and re-generate new ones?2 of my pools doesn't unlock with the auto-unlock; they show up as incorrect fs and need to be formatted.I need to delete the key, shut down the array, and then enter the passphrase manually for those 2 pools to work properly.
May 16May 16 Anyone else with this plugin try to update to 7.3? My encrypted btrfs pool disappears and the disks show up as unassigned devices.Downgrading back to 7.2.6 restores pool.Wasn't sure if there was a conflict with this plugin.
May 17May 17 11 hours ago, Scuro said:My encrypted btrfs pool disappears and the disks show up as unassigned devices.What is the name of the pool? 7.3 has some new reserved names.
May 18May 18 3 hours ago, Scuro said:sparedataSpare, mirror and raidz prefixes are now reserved with 7.3.0 because they are reserved by ZFS, you can rename the pool before upgrading and then upgrade, or reimport the pool in 7.3 with a new name.
May 19May 19 That was it. Thanks @JorgeBI'm surprised there isn't any kind of precheck when upgrading to throw warnings about that. I didn't see any mention in the release notes.
May 26May 26 On 2/23/2026 at 7:16 AM, veganbtw said:Is there a way to delete the existing generated keys and re-generate new ones?2 of my pools doesn't unlock with the auto-unlock; they show up as incorrect fs and need to be formatted.I need to delete the key, shut down the array, and then enter the passphrase manually for those 2 pools to work properly.I have the same issue. How can I regenerate slot 31? I added a new hard drive – slot 31 is missing (obviously) there.
June 9Jun 9 Hi, I have the array up and running (with an encrypted drive) and I need to change my router. From the plugin inside "Encryption Info", it won't accept my keyfile or any passphrase, and if I try to change the encryption key from Unraid's Disk Settings it says "Encryption Key Update, Incorrect existing key" in that same message. What is happening? How can I uninstall the plugin and obtain or regenerate my keyfile or passphrase?Thank you very much.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.