Replication Encryption Question

[hescominsoon]

I have freenas a remote and freenas b local. I want freenas a to send it's replicated data to freenas b encrypted. Is this a supported operation in the freenas replication module? I am spcificlaly looking for freenas a to pre-encrypt the data before sending it to b. This way b has no ability to read the data at all..ever.

permissions on b to prevent reading are not what i am looking for..i want freenas a to pre-encrypt the data with it's own remote key that does not get transmitted to freenas b. All freenas b sees is the pre-encrypted data.

 

[Ericloewe]

This will be the killer feature of ZFS encryption, as soon as the final details are ironed out and it arrives in FreeBSD.

Currently, it's not possible unless you encrypt the zfs send stream and treat it as a binary blob on the receiving side.

 

[hescominsoon]

This will be the killer feature of ZFS encryption, as soon as the final details are ironed out and it arrives in FreeBSD.

Currently, it's not possible unless you encrypt the zfs send stream and treat it as a binary blob on the receiving side.

so this feature is currently in development i presume?

 

[Ericloewe]

Yes.

 

[pspikings]

Hi,

I'm looking for exactly this as well, is it possible yet in 11.2-U7 ? Can't see how from the GUI :)

Thanks,

Peter.

 

[Ericloewe]

Definitely not in 11.2. I'm actually not sure about 11.3, I think it has ZFS native encryption.

 

[Shamanix]

Has this feature come yet? Looking to do exactly the same.

 

[hescominsoon]

in TN/C yes you can now send the streams pre-encrypted...:)