Re: Is ZFS native encryption safe to use?
- Reply: infoomatic : "Re: Is ZFS native encryption safe to use?"
- In reply to: iio7_a_tutanota.com: "Is ZFS native encryption safe to use?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 23 Aug 2023 07:32:01 UTC
On 8/23/23 03:02, iio7@tutanota.com wrote: Hello. Just my 2c... > There seems to be a bit of open (and rather old) ZFS native encryption > bugs which still haven't been fixed and it doesn't look like it is > something that is being working on. > > Last night I was going to move some important files from an unencrypted > dataset to a new encrypted (ZFS native) one, but then got my doubts > about doing that (looking at all the different open GitHub issues on > OpenZFS). Could you please provide links to these discussions/bugs? > What is the general experience running with ZFS native encryption on > FreeBSD? I'm using it on three machines with no issues so far. > Is it better to use GELI for the whole pool instead? If possible, I prefer GELI. However, I want to be able to let the machine boot without having to type a passphrase, SSH in and activate the encrypted partitions/dataset. In the past I used to have two partitions (a "plain" one for a non encrypted pool and a GELI one for the encypted pool); however this fixes the sizes of the two pools and leads to some hassle when one might get full while the other still has space; so I'm moving to a single ZFS pool with some encrypted datasets. bye av.