My suggestion is to create a new capability that enables the encryption of underlying devices, without having to evacuate/recreate the pools first - eg. per the process described here
The process described is an interative one, and perhaps not the ONLY way to do it - but assuming it works per the process described on that link, then perhaps include some features such as:
Prompting the admin before progressing to the next phase Verifying pool state prior to moving to next phase (eg. no new failures Additional Warning if using raidz/mirror (ie. single-drive redundancy) Permit "encrypted offline export" of key zfs file systems (eg. documentation) ... just in case Future option - one-time encrypted backup to cloud-hosted facility before migration (ie. partner with provider, or offer from iXSystems)
SmartDraw Connector
Katalon Manual Tests (BETA)
Activity
Show:
Kris Moore
July 18, 2024 at 6:06 PM
Thank you for submitting this feature request! To better accommodate and gauge community interest for future versions of TrueNAS we have moved the submission process to our TrueNAS Community Forums. If this feature is still important and relevant for consideration, please refer to the links below on how to submit it for community voting and TrueNAS roadmap review.
Given that TrueNAS 12 introduces per-dataset encryption at ZFS level, inherited by the move to OpenZFS, I am not sure we need another way of doing encryption on an existing pool.
Unresolved
Details
Priority
Low
Assignee
Triage Team
Triage Team
Reporter
Andrew Barnes
Andrew Barnes
More fields
Time tracking
Katalon Platform
Linked Test Cases, Katalon Defect Results, Katalon Studio Test Results
Low
My suggestion is to create a new capability that enables the encryption of underlying devices, without having to evacuate/recreate the pools first - eg. per the process described here
https://www.ixsystems.com/community/threads/how-to-encrypt-an-existing-raidz-or-mirror.16975/
The process described is an interative one, and perhaps not the ONLY way to do it - but assuming it works per the process described on that link, then perhaps include some features such as:
Prompting the admin before progressing to the next phase
Verifying pool state prior to moving to next phase (eg. no new failures
Additional Warning if using raidz/mirror (ie. single-drive redundancy)
Permit "encrypted offline export" of key zfs file systems (eg. documentation) ... just in case
Future option - one-time encrypted backup to cloud-hosted facility before migration (ie. partner with provider, or offer from iXSystems)