Remove Encryption

[timie_milie]

How do I remove encryption from a volume?
I tried backing up the keys and detached and re importing the volume on the same server, but it didn't work.
N.B. I (had to) select decrypt during import which I thought would remove the decryption, but I guess this really just enables runtime decryption for import / mount?
I still have to unlock the volume on each boot.

 

[m0nkey_]

Encryption is a one way thing. If you wish to remove encryption, you must first backup your data and recreate the pool without encryption.

 

[timie_milie]

Thank you, I did not know that (obviously).
I don't remember seeing that in the documentation and can't see it on a re-inspection - how do I raise a documentation bug / issue (or point me to the info I missed)?

 

[Stux]

You can remove encryption by offlining a drive. Wiping the drive, then replacing the drive with the now erased drive. Repeat for each drive.

Might need to be done in the CLI.

I have not done this, but it is documented on the forum.

 

[SweetAndLow]

You can remove encryption by offlining a drive. Wiping the drive, then replacing the drive with the now erased drive. Repeat for each drive.

Might need to be done in the CLI.

I have not done this, but it is documented on the forum.

Yep there is a thread that talks about it.

It's also common knowledge that you can't unencrypted something once it encrypted. That is the whole point of encryption. The rebuilding drives thing is a trick that only zfs can do.

 

[Arwen]

Using external encryption does have it's advantages.

The native OpenZFS encryption coming to an OS near you, would not allow this. It would require copying the data to an un-encrypted dataset. (Temporarily requiring extra space...) Unless you encrypted the top level dataset, which would from pratical sake, be an encrypted pool. Thus, backup, destroy pool, re-create pool, and restore.