Updated Encryption (markdown)
DatuX
@ -15,9 +15,14 @@ Things get more interesting if you want to change the encryption-state of a data
|
||||
* If you want to encrypt plain datasets when they are received, you should use the `--encrypt` option. Datasets will then be stored encrypted at the target. Datasets that are already encrypted will still be sent over unaltered in raw-mode.
|
||||
* If you also want re-encrypt encrypted datasets with the target-side encryption you can use both options.
|
||||
|
||||
Note 1: The --encrypt option will rely on inheriting encryption parameters from the parent datasets on the target side. You are responsible for setting those up and loading the keys. So --encrypt is no guarantee for encryption: If you dont set it up, it cant encrypt.
|
||||
|
||||
Note 2: Decide what you want at an early stage: If you change the --encrypt or --decrypt parameter after the inital sync you might get weird and wonderfull errors. (nothing dangerous)
|
||||
## Notes
|
||||
|
||||
* The --encrypt option will rely on inheriting encryption parameters from the parent datasets on the target side. You are responsible for setting those up and loading the keys. So --encrypt is no guarantee for encryption: If you dont set it up, it cant encrypt. (and will store the data unencrypted)
|
||||
|
||||
* --encrypt will be ignored for datasets that are already encrypted: These are transferred in raw mode.
|
||||
|
||||
* Decide what you want at an early stage: If you change the --encrypt or --decrypt parameter after the inital sync you might get weird and wonderfull errors. (nothing dangerous)
|
||||
|
||||
## Some common errors while using zfs encryption
|
||||
|
||||
|
||||
Reference in New Issue
Block a user