zfs load-key

From: mike tancsa <mike_at_sentex.net>
Date: Wed, 26 May 2021 14:48:31 -0400

On my offsite backups, I generate a random 256-bit key for my encrypted
pools.  At bootup time, I have a key.bin.asc file on the unencrypted
data set which is gpg encrypted.  I grab that file, decode it on a
different server and then scp it back to the machine so I can do a zfs
load-key <dataset>. If I store the unencrypted file on tmpfs, is it
"safe"ish after I delete the unencrypted key file off the tmpfs mount?
I guess if the box is low on RAM, it might move the contents to swap,
but I can keep that off until I am done.  Are there any other angles or
is there a better way to do this if no one is physically on site at the
time post reboot other than using a passphrase?

Received on Wed May 26 2021 - 18:48:31 UTC
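
The receiving side of the procedure described in the message, written out as an added example that is not part of the original post. The mount point /mnt/zkey, the file name key.bin and keyformat=raw (so the key file is exactly 32 bytes) are assumptions.

```shell
#!/bin/sh
# Added example: backup-host side of the workflow in the message above.
# Assumptions (not from the post): mount point /mnt/zkey, file name key.bin,
# dataset name passed as an argument, keyformat=raw (32-byte key).
KEYDIR=${KEYDIR:-/mnt/zkey}

# A raw 256-bit ZFS key must be exactly 32 bytes; reject anything else
# (for example a still-armored .asc file copied over by mistake).
key_is_valid() {
    [ -f "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 32 ]
}

# Best effort: overwrite the key file with zeros of the same length, then unlink it.
wipe_key() {
    [ -f "$1" ] || return 0
    size=$(wc -c < "$1" | tr -d ' ')
    dd if=/dev/zero of="$1" bs=1 count="$size" conv=notrunc 2>/dev/null
    rm -f "$1"
}

# Step 1 (before the scp): swap off, then a private tmpfs to receive the key.
prepare() {
    swapoff -a
    mkdir -p "$KEYDIR"
    mount -t tmpfs tmpfs "$KEYDIR"
    chmod 700 "$KEYDIR"
}

# Step 2 (after the scp): validate, load, wipe, tear down, swap back on.
load_and_clean() {
    dataset=$1 key="$KEYDIR/key.bin" rc=0
    if key_is_valid "$key"; then
        zfs load-key -L "file://$key" "$dataset" || rc=$?
    else
        echo "refusing to load: $key is not a 32-byte raw key" >&2
        rc=1
    fi
    wipe_key "$key"
    umount "$KEYDIR"
    swapon -a
    return "$rc"
}

case "${1:-}" in
    prepare) prepare ;;
    load)    load_and_clean "$2" ;;
esac
```

Run it with `prepare` before the scp and with `load <dataset>` once the decrypted key has arrived; the key file is wiped and the tmpfs unmounted whether or not the load succeeds.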
