Import encrypted pool through API

gork

Dabbler
Joined
Sep 16, 2015
Messages
12
Hello, I have a backup workflow which would benefit from being able to automate the import and export of a couple of encrypted pools. I have been doing this "outside" of FreeNAS manually via commandline but would prefer to work within the framework of FreeNAS.

Through the API I can create, delete and import unencrypted volumes and create and delete encrypted volumes. But I cannot determine how to import an encrypted volume unless the disks have already been decrypted. It seems the API to upload or otherwise specify the GELI key is not available through the regular API. There are api calls to manage recovery keys, but this doesn't seem to help in the case of an encrypted volume which has not been imported. There are no API's to support decryption of disks individually which could allow import.

The API calls used by the UI appear to be private and not part of the official API specification.

Is there any way to do this?
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,176
v1 or v2? If v2, please file a bug report to have that added.
 

gork

Dabbler
Joined
Sep 16, 2015
Messages
12
As far as I can tell neither API version supports uploading a key; v2 supports decrypting disks but that is useless without keys. V1 supports deleting a volume, but v2 doesn't. At this time in 11.2 neither the new nor legacy UI support importing an encrypted pool from the master GELI key (key without passphrase) at the moment either (I believe I saw there was already a bug filed there). The whole thing makes me wonder how well anything is tested. :confused:

I was hoping I was just missing something since the docs are a little sparse. But I guess I'll dig through the bug tracker and start down that path.
 
Top