I now have the need to encrypt some backup data.
The trouble is I’m backing up to an non encrypted ZFS pool.
I don’t think there’s a fix apart from creating a new encrypted pool and transferring the data. Which would take hours, if not days.
I suppose I could run a second urbackup server in another jail and point that to the encrypted pool but that’s liable to get messy. Specifying the backup location per client would solve this and be useful for other reasons.
Any more thoughts on this?
You are using ZFS on FreeNAS, right?
Since that has only volume level encryption you could replace all the volumes (disks) with encrypted volumes one at a time. Maybe you’ll get more help on the FreeNAS forums?
That’s not a bad idea. I’m not sure it’s possible but worth looking into.
FreeNAS uses GELI for ZFS so the drives are encrypted before they are added to the pool (GELI sits between ZFS and the disks).
There is currently no true ZFS encryption in OpenZFS. There is some available for Nexenta/Solaris-clone platforms based on the old OpenSolaris code but it’s not platform-agnostic. Oracle stopped publishing the open source code to ZFS after it took over Sun and destroyed any further progress.