I know that there was some built in feature to use full disk encryption using block method but that method isn't recommended due to security. Is it possible to do the following, have TrueNAS build everyone out. Use Veracrypt to perform the initial encryption, put disks back in, use veracrypt to decrypt and then the system picks them up?
-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
utilizing veracrypt encryption on the pool
- Thread starter espresso
- Start date
Why shouldn't FDE be used? If you use passphrase instead of key you'll need to put it in after a boot. With keyfile I can see some possible issues. Also, in newer CORE and SCALE, you can use ZFS native encryption, where you also have the choice between phrase and key.
And to answer your question about vera - you can't. TrueNAS claims all space, and to allow veracrypt to encrypt would rob TN from the direct access to disk.
And to answer your question about vera - you can't. TrueNAS claims all space, and to allow veracrypt to encrypt would rob TN from the direct access to disk.
winnielinnie
MVP
- Joined
- Oct 22, 2019
- Messages
- 3,641
What's wrong with native ZFS encryption?
What you're describing is not even possible with TrueNAS.
What you're describing is not even possible with TrueNAS.
