Encrypt Existing Pool

Jrod696

I have searched the forums high and low, and Reddit, and everywhere else I can think of, and I have come to the conclusion that it is not possible, but I wanted to ask for a definitive answer before I start to buy HDDs to start unloading data to create an encrypted pool.

So is it possible to encrypt an existing pool?

I have read the horror stories and all of that info but unfortunately it is something I need to do.

If it helps, I am currently running RAIDZ1 with 4 drives.

I did find one Reddit page that talked about taking hard drives offline one at a time, encrypting each one, and then bringing it back online, but I didn't understand the syntax, and that seemed like not what I wanted to do and a little sketchy.
 

danb35

So is it possible to encrypt an existing pool?
Officially, no--there's no supported method to do this. Unofficially, yes, it can be accomplished, and the method you're describing is probably pretty close to right. Make sure you have a good backup before proceeding.
 

danb35

In general terms, I think the procedure in that thread would work. I haven't tried it, though, and I don't intend to. The big problem that I see is that the FreeNAS middleware wouldn't be aware that the pool is encrypted, wouldn't have the keys, etc. I don't know if there's a way around that.
 

artlessknave

that sounds like the geli hack method. geli is 100% legacy. encryption is done now by zfs, and there is no way to encrypt data at rest. you need to create a new dataset or pool and send the data there.
the geli encryption method was very non-intuitive in a number of ways and those were the source of many of the horror stories. the new zfs encryption is simpler, although if you don't back up your keys everything can still become random gibberish.
 

artlessknave

oh hell. i saw that on mobile and didn't notice the date.
please ignore this thread necro.
 