Date:      Wed, 26 May 2021 14:48:31 -0400
From:      mike tancsa <mike@sentex.net>
To:        freebsd-fs <freebsd-fs@freebsd.org>
Subject:   zfs load-key
Message-ID:  <886642a6-7b00-9dd7-6f81-e5c18bd9385b@sentex.net>


On my offsite backups, I generate a random 256-bit key for my encrypted
pools.  At bootup time, I have a key.bin.asc file on the unencrypted
data set which is gpg encrypted.  I grab that file, decode it on a
different server and then scp it back to the machine so I can do a zfs
load-key <dataset>. If I store the unencrypted file on tmpfs, is it
"safe"ish after I delete the unencrypted key file off the tmpfs mount?
I guess if the box is low on ram, it might move the contents to swap,
but I can keep that off until I am done.  Are there any other angles or
is there a better way to do this if no one is physically on site at the
time post reboot other than using a passphrase?

    ---Mike
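
Added example (not part of the original message): a POSIX shell version of the tmpfs staging step described above. It writes the decrypted key to a private file, checks that it is exactly 32 bytes, loads it, and removes it whether or not the load succeeds. The function names, the tmpfs path, the dataset name and delivery of the key on stdin are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Assumptions: the decrypted
# key arrives on stdin; the tmpfs path and dataset name are placeholders.

# Succeeds if `swapinfo` output on stdin lists at least one swap device.
swap_in_use() {
    awk 'NR > 1 && $1 ~ /^\// { found = 1 } END { exit !found }'
}

# Best effort: zero the file's bytes in place, then unlink it.
wipe_key() {
    n=$(wc -c < "$1" | tr -d ' ')
    [ "$n" -gt 0 ] && dd if=/dev/zero of="$1" bs=1 count="$n" conv=notrunc 2>/dev/null
    rm -f "$1"
}

# stage_and_load DIR LOADER [ARGS...]
# Writes stdin to a mode-0600 file under DIR (an absolute path, expected to
# be tmpfs), checks it is exactly 32 bytes (a raw 256-bit key), runs
# LOADER ARGS... KEYFILE, and removes the file even if the load fails.
stage_and_load() {
    dir=$1; shift
    keyfile=$(mktemp "$dir/zkey.XXXXXX") || return 1
    trap 'wipe_key "$keyfile"; exit 130' INT TERM
    cat > "$keyfile"
    size=$(wc -c < "$keyfile" | tr -d ' ')
    rc=0
    if [ "$size" -ne 32 ]; then
        echo "key is $size bytes, expected 32" >&2
        rc=2
    else
        "$@" "$keyfile" || rc=$?
    fi
    wipe_key "$keyfile"
    trap - INT TERM
    return "$rc"
}

# Loader for ZFS: load_zfs_key DATASET KEYFILE
load_zfs_key() {
    zfs load-key -L "file://$2" "$1"
}

# Usage on the backup host, with the decrypted key piped in on stdin:
#   swapinfo | swap_in_use && echo "warning: swap is enabled" >&2
#   stage_and_load /mnt/keytmp load_zfs_key tank/backup
```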



