Encrypted zfs pool doesn't auto decrypt and mount, can do it manually


New Member
Jul 13, 2023
I've been getting started with Proxmox in the last few weeks. Love the software and the learning experience. Thank you!

I've basically got it setup nicely now using ZFS encryption. Followed this amazing guide: https://forum.proxmox.com/threads/full-disk-encryption-with-zfs-using-proxmox-installer.127512/
I have one pool - rpool - on a small SSD.
I unlock the 'root' dataset at boot time over SSH using dropbear.
Then I have a systemd service that runs ExecStart=/usr/bin/zfs load-key -a to unlock my encrypted 'vault' dataset with my containers and VMs.
All works great.

I have a pool - 'naspool' - that's my NAS storage. That has a dataset naspool/nas that's encrypted with a keyfile.
This pool isn't auto unlocked by the service, but is unlocked and mounted instantly when I manually run /usr/bin/zfs load-key -a from the console myself.
Can anyone tell me why it isn't getting auto unlocked and mounted?

My idea
Is it because I don't have it referenced anywhere in my /etc/pve/storage.cfg file?
I haven't done that because I'm not using it for container or image storage and I'm afraid I'll do something bad to the filesystem if I put it in there.
Or is that irrelevant and this is something else?


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!