Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 29 Mar 2015 06:31:56 +0000
From:      Ben Woods <woodsb02@gmail.com>
To:        steven@stevenpeguero.com, freebsd-questions@freebsd.org
Subject:   Re: ZFS Encryption Availability
Message-ID:  <CAOc73CA3495C5xYz5V-5BWVMFk0CuCjJWmDpTMC1XrEyYPG3nw@mail.gmail.com>
In-Reply-To: <55173F0B.8000605@stevenpeguero.com>
References:  <55173F0B.8000605@stevenpeguero.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
ZFS in FreeBSD does not come with built in encryption support. It is
however very common in the freebsd world to encrypt your partition with
geli(8) and then put a ZFS filesystem inside that encrypted partition. This
works really well, especially if you have hardware crypto such as aesni(4).

Read more about making a geli(8) encrypted partition here (scroll passed
the gbde(4) encryption option unless it takes your fancy):
https://www.freebsd.org/doc/handbook/disks-encrypting.html

Then put your ZFS filesystem in the encrypted partition. More help here:
https://www.freebsd.org/doc/handbook/zfs.html

Good luck!
-Ben
On Sun, 29 Mar 2015 at 7:54 am Steven Peguero <steven@stevenpeguero.com>
wrote:

> Hello,
>
> In advance, I apologize for asking this particular question, as I'm
> coming from the Linux world, but I wanted to know if encryption is
> natively supported on FreeBSD for miscellaneous ZFS pools/datasets.
>
> If such functionality does exist, how exactly would I go about initially
> setting up encryption for a particular ZFS pool/dataset and manually
> decrypting it at boot using a passphrase? It seems as though this
> particular topic has not yet been mentioned in the official handbook,
> unfortunately.
>
> In advance, thank you for your response!
>
> Steven
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOc73CA3495C5xYz5V-5BWVMFk0CuCjJWmDpTMC1XrEyYPG3nw>