...No Encryption Passphrase Option? (hopefully just PEBCAK)

Stage5-F100

Dabbler
Joined
Feb 29, 2020
Messages
26
Hey all; I'm running a fresh install of FreeNAS 11.3 U1, with a Z2 vdev of 5x Ironwolf NAS.

When creating the new pool, I selected the encryption option, and downloaded the key (then afterward, downloaded the recovery key).

Now that I'm trying to set a passphrase so I can lock/unlock/protect the volumes when out-of-office, the option referred to in the manual... just isn't there.

I'm attaching a screenshot, showing side-by-side my brand new encrypted pool with the encryption operations menu open, next to the relevant section of the 11.3 U1 manual.

Any help here? Am I crazy? Just missing something (hopefully)?
 

Attachments

  • Screen Shot 2020-03-06 at 20.43.23.png

Mr. Xirtam

Dabbler
Joined
May 30, 2015
Messages
16
So, I noticed this exact same problem. I created a virtual machine in my Hyper-V and simulated the same exact layout I have with my physical server running FreeNAS 11.3-U1, and I noticed the same thing again. I select encryption when creating the main pool and I only have the Recovery Key and Reset Keys options.

But the main reason I created the Hyper-V instance was to test backing up to an external. I created a second pool with that "external drive" and I enabled encryption on it as well. What's strange is I have the option "Encryption Key" with that second pool I created, but still not an option on the first pool, which was the primary one I created.

So as a test, I deleted both pools and wiped all configuration of them, started fresh again with the disks. This time, I did it reversed; I created my backup disk (single stripe) pool with encryption. I noticed now, on this pool, no Encryption Key option still. I created the second pool with all of the hard drives in a RAID-Z2 configuration with encryption. I now have the option for Encryption Key on that second pool. I then deleted that second pool and created three additional pools with those drives in different configurations. All of them offered the option for Encryption Key. But the first pool, the backup stripe drive, still lacked the option. If I deleted the first pool that lacked the Encryption Key option, I noticed that the second pool I created no longer has the Encryption Key option.

So it seems like Encryption Key is not provided as an option in the encryption menu for the first pool created, but is an option for the second one and later. Not sure if this is a bug, but I think it should be there as an option.
 

Stage5-F100

Dabbler
Joined
Feb 29, 2020
Messages
26
Xirtam, thank you so much for confirming this on your end too! I'm glad it's not just me over here.

For the devs / maintainers / iX staff:

I don't think I have the luxury of re/creating a dummy pool and secondary pool to enable this feature, as this server + pool from OP is in use now that I'm working from home (was originally intended for family, Plex, and storing home-office docs for backups). I'd really appreciate any heads-up for a fix, or if it's a user error (...entirely possible) just a pointer on how I can suck less?

Aside from this, and some issues with VMs stopping for no reason (bhyve errors, I'll make a new thread), I'm really in love with FreeNAS/TrueNAS and thankful for the time everyone's poured into this. Hopefully I can give back to the community as I learn more on my end.
 

sdv

Cadet
Joined
Apr 5, 2020
Messages
2
Hello,

I have exactly the same problem: only 2 options, recovery keys or reset keys, are available on the lock menu.

I've created an encrypted pool but I can't set a passphrase, which is very annoying because data are no longer protected if someone steals my NAS.

Am I doing something wrong? Is there any workaround, even with CLI?

Best regards
 

sdv

Cadet
Joined
Apr 5, 2020
Messages
2
OK, problem solved :)

The encryption key menu is hidden when not applicable, for example when the pool needs to be ready during the boot process.

The point is that my pool was used as "system dataset pool", so I simply had to change the system data pool to another pool and "encryption key" automagically appears.

To check which pool is used by the system:
system / system dataset
and move "system dataset pool" to another available pool.

Enjoy
 

Mr. Xirtam

Dabbler
Joined
May 30, 2015
Messages
16
To further elaborate on this:


Since the system dataset stores the keys, it defaults to the first pool to be stored. If you want to add a passphrase, it cannot verify it if it resides on the same pool. So it is disabled as a result, unless you move it. I think this should be mentioned in the encryption section of the documentation to help avoid future confusion.
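
An added example (not part of the thread, and not FreeNAS project code): the check sdv describes, done from the NAS shell instead of the GUI. It assumes the 11.3 middleware calls `pool.query` and `systemdataset.config`, the meaning of their `encrypt` and `pool` fields, and uses constructed pool names and sample data when `midclt` is not available.

```python
#!/usr/bin/env python3
"""Flag encrypted pools whose passphrase menu entry is hidden because they
host the system dataset (FreeNAS 11.3 legacy pool encryption)."""
import json
import subprocess

# Assumption: values of the "encrypt" field returned by pool.query on 11.3.
ENCRYPT_STATE = {0: "unencrypted", 1: "key only", 2: "key + passphrase"}


def midclt(method):
    """Call the FreeNAS middleware client and decode its JSON reply."""
    out = subprocess.run(["midclt", "call", method], check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


def passphrase_report(pools, sysds):
    """Return one (name, encryption state, hosts_system_dataset, note) per pool."""
    rows = []
    for pool in pools:
        state = ENCRYPT_STATE.get(pool.get("encrypt"), "unknown")
        hosts = pool["name"] == sysds.get("pool")
        if pool.get("encrypt") == 1 and hosts:
            note = "passphrase option hidden: move the system dataset first"
        elif pool.get("encrypt") == 1:
            note = "no passphrase set"
        else:
            note = ""
        rows.append((pool["name"], state, hosts, note))
    return rows


# Constructed sample replies, trimmed to the fields used above.
SAMPLE_POOLS = [{"name": "tank", "encrypt": 1}, {"name": "backup", "encrypt": 1}]
SAMPLE_SYSDS = {"pool": "tank"}

if __name__ == "__main__":
    try:
        pools, sysds = midclt("pool.query"), midclt("systemdataset.config")
    except (OSError, subprocess.CalledProcessError):
        # Not running on the NAS: fall back to the constructed sample.
        pools, sysds = SAMPLE_POOLS, SAMPLE_SYSDS
    for row in passphrase_report(pools, sysds):
        print(*row, sep="\t")
```
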
 