Is it possible to encrypt an existing dataset (including snapshots) in ZFS on Linux >= 0.8, e.g. by using send | recv and destruction of the original dataset?
Encryption of existing dataset in ZFS (ZoL 0.8)
encryption, filesystems, zfs
Best Answer
Yes, it is. See this simple example (tested on ZoL 0.8.3).
If you would like to use a raw keyfile (rather than a passphrase):
Create a snapshot first:
Then, as proposed, send | recv (with replication option -R), but provide your encryption options on the receive side:
If the original dataset is mounted, the new one will not be mounted straightaway:
Destroy the unencrypted dataset and replace it with your new one:
If your dataset does not have any children, mounting is easy:
Else:
(or simply zfs mount -a if you don't have other datasets which should not be mounted).
And that was about it!
Finally, destroy the snapshot, if you like:
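The whole procedure described in the answer above, collected into one script as an added example (this is not the answerer's own code). The `_enc` suffix, the `@migrate` snapshot name, the key path and the `DRY_RUN` switch are assumptions; the script also checks the raw key and refuses to destroy the source unless the received copy reports encryption.

```shell
#!/bin/sh
# Added example. DRY_RUN=1 (default) only prints the zfs commands; DRY_RUN=0 runs them.
DRY_RUN="${DRY_RUN:-1}"

# keyformat=raw needs a key of exactly 32 bytes, and keylocation=file://
# needs an absolute path. Reject anything else before any data is sent.
check_raw_key() {
    case "$1" in /*) ;; *) echo "key path must be absolute: $1" >&2; return 1 ;; esac
    [ -f "$1" ] || { echo "key file not found: $1" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 32 ] || { echo "raw key must be 32 bytes, got $size" >&2; return 1; }
}

# Print a command; execute it only when DRY_RUN=0.
run() {
    echo "+ $*"
    [ "$DRY_RUN" != "0" ] || "$@"
}

# encrypt_existing DATASET KEYFILE  (the _enc and @migrate names are assumptions)
encrypt_existing() {
    src=$1; key=$2; snap="$src@migrate"; tmp="${src}_enc"
    check_raw_key "$key" || return 1
    run zfs snapshot -r "$snap" || return 1
    echo "+ zfs send -R $snap | zfs recv -o encryption=on -o keyformat=raw -o keylocation=file://$key $tmp"
    if [ "$DRY_RUN" = "0" ]; then
        zfs send -R "$snap" |
            zfs recv -o encryption=on -o keyformat=raw \
                -o keylocation="file://$key" "$tmp" || return 1
        # Refuse to destroy the source unless the copy really is encrypted.
        enc=$(zfs get -H -o value encryption "$tmp") || return 1
        [ "$enc" != "off" ] || { echo "$tmp is not encrypted; keeping $src" >&2; return 1; }
    fi
    run zfs destroy -r "$src" || return 1
    run zfs rename "$tmp" "$src" || return 1
    # Mounts every dataset in every pool; mount individually if that is unwanted.
    run zfs mount -a || return 1
    run zfs destroy -r "$snap"
}

# A key can be generated with:
#   head -c 32 /dev/urandom > /root/data.key && chmod 600 /root/data.key
```

Source the file and call `encrypt_existing pool/data /root/data.key` to review the plan, then repeat with `DRY_RUN=0` once the printed commands look right.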