I am creating a new mirrored pool for my data and I plan to encrypt the root as well as a few datasets within it so they can be locked independently. I am creating the pool on my backup system, and I plan to export and import it into my main system when all the data is transferred to the encrypted pool.
I have read conflicting info on whether I need a passphrase to be able to import it. Right now, the dataset is protected by a key, so my question is do I need to change it to passphrase before I export it? or is there a way to have both passphrase and key?
You can export the keyfile, and then unlock the imported pool by using the same keyfile. Keep in mind that this means your dataset(s) will automatically unlock at every boot, unless you use a passphrase.
Thank you for clearing up the confusion @winnielinnie. Yes, the key is stored on the boot pool right? I was able to encrypt the pool, and then encrypt individual datasets in that encrypted pool so that the pool unlocks, but those specific datasets stay locked until their passphrase is used. This works for me, but is this a common practice?
Yes.
I do something similar, but I can’t say for sure if it’s “common practice”.
1 Like