Problem with ZFS encryption

[stephan@proxmox]

I have a problem with the encryption function of ZFS:
I followed the wiki tutorial:
zfs create -o encryption=on -o keyformat=passphrase tank/encrypted_data
pvesm add zfspool encrypted_zfs -pool tank/encrypted_data

After a reboot of the pve I can see the filelist (ls tank/encrypted_data) and even the files (nano ...) inside the "encrypted" pool WITHOUT having entered the key.
What am I doing wrong?

 

[fiona]

Hi,
is the dataset mounted (zfs get mounted tank/encrypted_data)? If not, move the files below the mount point path somewhere else and use

zfs load-key tank/encrypted_data
zfs mount tank/encrypted_data

 

[stephan@proxmox]

That actually "solved" my problem - thanks very much!!!
Perhaps this could be added to the wiki - at least for newbies like me

 

[fiona]

Please mark the thread as solved by adding the SOLVED prefix to the title.

That actually "solved" my problem - thanks very much!!!
Perhaps this could be added to the wiki - at least for newbies like me

You are right, we should mention that the dataset needs to be mounted as well. One might wrongly assume that zfs load-key does that. zfs mount -l is the better command here. I sent a patch.

 

[SomeUser]

Under solaris 11, a "zfs import x/y" would also load the key and request for the password. That would be even better behavior for the linux version of zfs.