Date: Wed, 26 May 2021 14:48:31 -0400
From: mike tancsa <mike@sentex.net>
To: freebsd-fs <freebsd-fs@freebsd.org>
Subject: zfs load-key
Message-ID: <886642a6-7b00-9dd7-6f81-e5c18bd9385b@sentex.net>
On my offsite backups, I generate a random 256-bit key for my encrypted pools. At bootup time, I have a key.bin.asc file on the unencrypted data set which is gpg encrypted. I grab that file, decode it on a different server and then scp it back to the machine so I can do a zfs load-key <dataset>.

If I store the unencrypted file on tmpfs, is it "safe"ish after I delete the unencrypted key file off the tmpfs mount? I guess if the box is low on RAM, it might move the contents to swap, but I can keep that off until I am done. Are there any other angles, or is there a better way to do this if no one is physically on site at the time post reboot other than using a passphrase?

    ---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?886642a6-7b00-9dd7-6f81-e5c18bd9385b>