Just a couple of pre-purchase queries regarding encryption I had when running this in a test VM:
Thanks all.
- Can a pool be encrypted with a password as opposed to a key during initial configuration? Requiring a password before mount?
I noted when creating a test pool it automatically encrypted with a key with no option for a password. Attempting to change that to a password it throws an error that the pool contains the system dataset and that would need to be moved prior to changing from key to password key_format. - On boot I noticed that the encrypted pools mounted automatically, where is the encryption key stored?
I assume on the TrueNAS OS drive itself? Offering similar protection to that of removing a drive from its associated TPM? - Is there anything inherently wrong with just encrypting Datasets/ZVOL underneath an unencrypted pool?
- Is TrueNAS/ZFS encryption production ready? The Enterprise offering looks like it allows for KMIP, and supports FIPS 140-2 drives, so yes?
Thanks all.