Does anyone have a working implementation using keyfiles, preferably on an SD card, instead of a prompt for ZFS? I know how to do this with Linux LVM/LUKS. In my opinion the FreeBSD full disk encryption solutions are WAY more secure, but I would really like to use keyfiles instead of getting prompted during boot.
I can't find a way to do it with google-magic.
Best Answer
Update from January 2020
This question was answered in 2011, and the answer I gave pertains specifically to contemporary Solaris 11 behavior. This does not apply to OpenZFS, illumos, or ZFS on Linux.
That being said, the original answer remains, for posterity.
You have to create your key first. ZFS supports two types of file-based keys: hex and raw. For this you can use openssl to generate the key.

The 16 creates a 16-byte (i.e., 128-bit) key. For a 192-bit or 256-bit key use 24 or 32 respectively.

Then create your dataset as you normally would, specifying the key.

You can also use the -hex flag to openssl rand and keysource=hex for a human-readable hex value in the file.
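
A pre-flight check for the keyfile described in the answer above, as an added example that is not part of the original answer: it confirms the file holds a 16-, 24- or 32-byte key (raw, or the equivalent number of hex digits) and is not readable by group or others. The function name check_keyfile and the permission requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a ZFS keyfile before pointing keysource at it.
# Usage: check_keyfile FORMAT PATH    (FORMAT is raw or hex)
# check_keyfile is a hypothetical helper name, not a ZFS or openssl command.
# Returns 0 for a 128/192/256-bit key that only the owner can read;
# otherwise prints the reason and returns 1.
check_keyfile() {
    fmt=$1
    file=$2
    [ -f "$file" ] || { echo "not a regular file: $file"; return 1; }

    # Key material should be owner-only. -perm -mode is POSIX find syntax.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "readable by group or others: $file"
        return 1
    fi

    case $fmt in
    raw)
        # Raw keys are counted in bytes, exactly as openssl rand wrote them.
        bytes=$(wc -c < "$file" | tr -d ' ')
        ;;
    hex)
        # Hex keys: ignore the trailing newline, then require hex digits only.
        digits=$(tr -d '\n' < "$file")
        case $digits in
            ''|*[!0-9a-fA-F]*) echo "not a hex string: $file"; return 1 ;;
        esac
        # Two hex digits encode one key byte, so odd lengths are invalid.
        [ $(( ${#digits} % 2 )) -eq 0 ] || { echo "odd number of hex digits"; return 1; }
        bytes=$(( ${#digits} / 2 ))
        ;;
    *)
        echo "unknown format: $fmt"
        return 1
        ;;
    esac

    # 16, 24 and 32 bytes are the 128-, 192- and 256-bit sizes from the answer.
    case $bytes in
        16|24|32) echo "ok: $(( bytes * 8 ))-bit $fmt key"; return 0 ;;
        *) echo "unexpected key length: $bytes bytes"; return 1 ;;
    esac
}
```

Run it against the file openssl produced before creating the dataset; a hex file checked as raw (or the reverse) fails the length test.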