When creating a dataset in an unencrypted pool with generate key checked there’s no option to see or download key.
Now my dataset with personal data is locked and i can’t find they key.
OS Version:TrueNAS-SCALE-24.04.2.5
Here is an Export Key button in the right panel:
I’m on version 24.10.2.1, though.
AFAIK, if the dataset is encrypted with a key (not a passphrase), it must be automatically unlocked on boot.
1 Like
How did you lock the dataset? The GUI prevents this for datasets that use a key instead of a passphrase.
EDIT: Did you at any point export this pool?
1 Like
yes, I did export the pool, but imported it back
the dataset is locked so i can’t export the key
I assume that @winnielinnie would start to troubleshoot your issue with those commands:
zfs list -t fs -r -o name,encroot,encryption,keyformat,keylocation | grep -v “.system”
NAME ENCROOT ENCRYPTION KEYFORMAT KEYLOCATION
pool - off none none
pool/.ix-virt - off none none
pool/.ix-virt/buckets - off none none
pool/.ix-virt/containers - off none none
pool/.ix-virt/custom - off none none
pool/.ix-virt/deleted - off none none
pool/.ix-virt/deleted/buckets - off none none
pool/.ix-virt/deleted/containers - off none none
pool/.ix-virt/deleted/custom - off none none
pool/.ix-virt/deleted/images - off none none
pool/.ix-virt/deleted/virtual-machines - off none none
pool/.ix-virt/images - off none none
pool/.ix-virt/virtual-machines - off none none
pool/DATA - off none none
pool/Florin - off none none
pool/Home_assistant - off none none
pool/Immich - off none none
pool/Jelyfin - off none none
pool/Nextcloud - off none none
pool/Nextcloud/config - off none none
pool/Nextcloud/postgres_backup - off none none
pool/Nextcloud/postgress - off none none
pool/Nextcloud/storage - off none none
pool/Robert - off none none
pool/Robert/GoPro_video - off none none
pool/Robert/robert - off none none
pool/Robert/stefan - off none none
pool/Robert1 pool/Robert1 aes-256-gcm hex prompt
pool/Robert1/robert pool/Robert1 aes-256-gcm hex none
pool/Robert1/stefan pool/Robert1 aes-256-gcm hex none
pool/Stefan pool/Stefan aes-256-gcm hex prompt
pool/Stefan/stefan pool/Stefan aes-256-gcm hex none
pool/VM - off none none
pool/app_configs - off none none
pool/app_configs/Organiser - off none none
pool/app_configs/Tailscale_database - off none none
pool/app_configs/homeassist_database - off none none
pool/app_configs/homer_database - off none none
pool/app_configs/immich_database - off none none
pool/app_configs/jelyfin_database - off none none
pool/app_configs/mine - off none none
pool/app_configs/minecraft_database - off none none
pool/app_configs/netdata - off none none
pool/app_configs/nextcloud_database - off none none
pool/app_configs/pihole_database - off none none
pool/app_configs/plex - off none none
pool/app_configs/qbit_database - off none none
pool/app_configs/qbit_database/stefan - off none none
pool/app_configs/sync_database - off none none
pool/app_configs/wireguard_database - off none none
pool/ix-applications - off none none
pool/ix-applications/catalogs - off none none
pool/ix-applications/default_volumes - off none none
pool/ix-applications/k3s - off none none
pool/ix-applications/k3s-ix-applications-backup-system-update--2024-11-11_10:26:09-clone - off none none
pool/ix-applications/k3s/kubelet - off none none
pool/ix-applications/releases - off none none
pool/ix-applications/releases/home-assistant - off none none
pool/ix-applications/releases/home-assistant/charts - off none none
pool/ix-applications/releases/home-assistant/volumes - off none none
pool/ix-applications/releases/home-assistant/volumes/ix_volumes - off none none
pool/ix-applications/releases/home-assistant/volumes/ix_volumes/pgBackup - off none none
pool/ix-applications/releases/home-assistant/volumes/ix_volumes/pgData - off none none
pool/ix-applications/releases/immich - off none none
pool/ix-applications/releases/immich/charts - off none none
pool/ix-applications/releases/immich/volumes - off none none
pool/ix-applications/releases/immich/volumes/ix_volumes - off none none
pool/ix-applications/releases/immich/volumes/ix_volumes/pgBackup - off none none
pool/ix-applications/releases/immich/volumes/ix_volumes/pgData - off none none
pool/ix-applications/releases/immich/volumes/ix_volumes/profile - off none none
pool/ix-applications/releases/immich/volumes/ix_volumes/thumbs - off none none
pool/ix-applications/releases/immich/volumes/ix_volumes/video - off none none
pool/ix-applications/releases/jellyfin - off none none
pool/ix-applications/releases/jellyfin/charts - off none none
pool/ix-applications/releases/jellyfin/volumes - off none none
pool/ix-applications/releases/jellyfin/volumes/ix_volumes - off none none
pool/ix-applications/releases/jellyfin/volumes/pvc-32e92648-ad10-4cbb-809b-2885ba2c26c3 - off none none
pool/ix-applications/releases/jellyfin/volumes/pvc-c5a0785f-3644-4a17-a840-f47af1730b37 - off none none
pool/ix-applications/releases/jellyfin2 - off none none
pool/ix-applications/releases/jellyfin2/charts - off none none
pool/ix-applications/releases/jellyfin2/volumes - off none none
pool/ix-applications/releases/jellyfin2/volumes/ix_volumes - off none none
pool/ix-applications/releases/jellyfin2/volumes/ix_volumes/cache - off none none
pool/ix-applications/releases/jellyfin2/volumes/ix_volumes/config - off none none
pool/ix-applications/releases/jellyfin2/volumes/ix_volumes/transcodes - off none none
pool/ix-applications/releases/netdata - off none none
pool/ix-applications/releases/netdata/charts - off none none
pool/ix-applications/releases/netdata/volumes - off none none
pool/ix-applications/releases/netdata/volumes/ix_volumes - off none none
pool/ix-applications/releases/netdata/volumes/ix_volumes/cache - off none none
pool/ix-applications/releases/netdata/volumes/ix_volumes/config - off none none
pool/ix-applications/releases/netdata/volumes/ix_volumes/lib - off none none
pool/ix-applications/releases/nextcloud - off none none
pool/ix-applications/releases/nextcloud/charts - off none none
pool/ix-applications/releases/nextcloud/volumes - off none none
pool/ix-applications/releases/nextcloud/volumes/ix_volumes - off none none
pool/ix-applications/releases/nextcloud/volumes/ix_volumes/data - off none none
pool/ix-applications/releases/nextcloud/volumes/ix_volumes/html - off none none
pool/ix-applications/releases/nextcloud/volumes/ix_volumes/ix-postgres_backups - off none none
pool/ix-applications/releases/nextcloud/volumes/ix_volumes/pgData - off none none
pool/ix-applications/releases/nextcloud2 - off none none
pool/ix-applications/releases/nextcloud2/charts - off none none
pool/ix-applications/releases/nextcloud2/volumes - off none none
pool/ix-applications/releases/nextcloud2/volumes/ix_volumes - off none none
pool/ix-applications/releases/nextcloud2/volumes/ix_volumes/data - off none none
pool/ix-applications/releases/nextcloud2/volumes/ix_volumes/html - off none none
pool/ix-applications/releases/nextcloud2/volumes/ix_volumes/pgBackup - off none none
pool/ix-applications/releases/nextcloud2/volumes/ix_volumes/pgData - off none none
pool/ix-applications/releases/pihole - off none none
pool/ix-applications/releases/pihole/charts - off none none
pool/ix-applications/releases/pihole/volumes - off none none
pool/ix-applications/releases/pihole/volumes/ix_volumes - off none none
pool/ix-applications/releases/pihole/volumes/ix_volumes/dnsmasq - off none none
pool/ix-applications/releases/qbittorrent - off none none
pool/ix-applications/releases/qbittorrent/charts - off none none
pool/ix-applications/releases/qbittorrent/volumes - off none none
pool/ix-applications/releases/qbittorrent/volumes/ix_volumes - off none none
pool/ix-applications/releases/syncthing - off none none
pool/ix-applications/releases/syncthing/charts - off none none
pool/ix-applications/releases/syncthing/volumes - off none none
pool/ix-applications/releases/syncthing/volumes/ix_volumes - off none none
pool/ix-applications/releases/tailscale2 - off none none
pool/ix-applications/releases/tailscale2/charts - off none none
pool/ix-applications/releases/tailscale2/volumes - off none none
pool/ix-applications/releases/tailscale2/volumes/ix_volumes - off none none
pool/movies - off none none
pool/movies/Stefan - off none none
pool/movies/guest - off none none
pool/movies/meh - off none none
pool/movies/movies - off none none
pool/nextcloud_data - off none none
pool/snaps - off none none
pool/syncdata - off none none
zpool history | tail -n 100
2025-07-27.16:07:50 zfs destroy pool/ix-applications/releases/tailscale2/volumes@auto-2025-06-22_16-00
2025-07-27.16:07:52 zfs destroy pool/ix-applications/releases/tailscale2/volumes/ix_volumes@auto-2025-06-22_16-00
2025-07-27.16:07:55 zfs destroy pool/movies@auto-2025-06-22_16-00
2025-07-27.16:07:57 zfs destroy pool/movies/Stefan@auto-2025-06-22_16-00
2025-07-27.16:08:00 zfs destroy pool/movies/guest@auto-2025-06-22_16-00
2025-07-27.16:08:02 zfs destroy pool/movies/meh@auto-2025-06-22_16-00
2025-07-27.16:08:05 zfs destroy pool/movies/movies@auto-2025-06-22_16-00
2025-07-27.16:08:07 zfs destroy pool/nextcloud_data@auto-2025-06-22_16-00
2025-07-27.16:08:09 zfs destroy pool/snaps@auto-2025-06-22_16-00
2025-07-27.16:08:12 zfs destroy pool/syncdata@auto-2025-06-22_16-00
2025-07-28.10:18:47 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-28.11:27:51 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-28.23:16:15 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-29.09:01:53 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-29.12:56:39 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-29.17:24:43 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-29.17:38:22 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-29.18:10:53 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-30.08:59:12 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-30.13:07:56 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-30.18:34:06 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-30.19:05:09 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-31.09:49:23 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-31.11:11:10 py-libzfs: zpool scrub pool
2025-07-31.15:57:57 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-31.19:11:59 py-libzfs: zpool set autotrim=on pool
2025-07-31.19:13:38 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-07-31.19:14:10 export
2025-07-31.19:14:25 py-libzfs: zpool import 17363736350364232265 pool
2025-07-31.19:14:27 py-libzfs: zfs inherit -r pool/movies
2025-07-31.19:14:28 py-libzfs: zfs inherit -r pool/Florin
2025-07-31.19:14:28 py-libzfs: zfs inherit -r pool/DATA
2025-07-31.19:14:29 py-libzfs: zfs inherit -r pool/Stefan
2025-07-31.19:14:29 py-libzfs: zfs inherit -r pool/Immich
2025-07-31.19:14:33 py-libzfs: zfs inherit -r pool/.system
2025-07-31.19:14:35 py-libzfs: zfs inherit -r pool/Nextcloud
2025-07-31.19:14:36 py-libzfs: zfs inherit -r pool/Home_assistant
2025-07-31.19:14:36 py-libzfs: zfs inherit -r pool/Robert1
2025-07-31.19:14:37 py-libzfs: zfs inherit -r pool/nextcloud_data
2025-07-31.19:14:38 py-libzfs: zfs inherit -r pool/snaps
2025-07-31.19:14:46 py-libzfs: zfs inherit -r pool/app_configs
2025-07-31.19:14:46 py-libzfs: zfs inherit -r pool/VM
2025-07-31.19:14:46 py-libzfs: zfs inherit -r pool/syncdata
2025-07-31.19:14:47 py-libzfs: zfs inherit -r pool/Jelyfin
2025-07-31.19:14:48 py-libzfs: zfs inherit -r pool/Robert
2025-08-01.08:45:14 zpool import 17363736350364232265 -R /mnt -m -f -o cachefile=/data/zfs/zpool.cache
2025-08-01.09:09:42 py-libzfs: zfs clone pool/ix-applications/k3s@ix-applications-backup-system-update--2024-11-11_10:26:09
2025-08-01.09:25:23 zpool import 17363736350364232265 -R /mnt -m -N -f -o cachefile=/data/zfs/zpool.cache
2025-08-01.09:25:36 py-libzfs: zpool prefetch -t ddt pool
2025-08-01.09:32:34 py-libzfs: zpool set feature@redaction_list_spill=enabled pool
2025-08-01.09:32:34 py-libzfs: zpool set feature@raidz_expansion=enabled pool
2025-08-01.09:32:34 py-libzfs: zpool set feature@fast_dedup=enabled pool
2025-08-01.09:32:34 py-libzfs: zpool set feature@longname=enabled pool
2025-08-01.09:32:34 py-libzfs: zpool set feature@large_microzap=enabled pool
2025-08-01.11:13:32 py-libzfs: zfs create -o aclmode=discard -o acltype=posix -o exec=on -o casesensitivity=sensitive -o atime=off -o org.truenas:incus_storage_pool=pool -o xattr=sa pool/.ix-virt
2025-08-01.11:13:34 zfs set xattr=sa relatime=on mountpoint=legacy setuid=on exec=on devices=on acltype=posixacl pool/.ix-virt
2025-08-01.11:13:35 zfs create -o mountpoint=legacy pool/.ix-virt/deleted
2025-08-01.11:13:35 zfs create -o mountpoint=legacy pool/.ix-virt/buckets
2025-08-01.11:13:35 zfs create -o mountpoint=legacy pool/.ix-virt/deleted/buckets
2025-08-01.11:13:36 zfs create -o mountpoint=legacy pool/.ix-virt/custom
2025-08-01.11:13:36 zfs create -o mountpoint=legacy pool/.ix-virt/deleted/custom
2025-08-01.11:13:36 zfs create -o mountpoint=legacy pool/.ix-virt/images
2025-08-01.11:13:37 zfs create -o mountpoint=legacy pool/.ix-virt/deleted/images
2025-08-01.11:13:37 zfs create -o mountpoint=legacy pool/.ix-virt/containers
2025-08-01.11:13:37 zfs create -o mountpoint=legacy pool/.ix-virt/deleted/containers
2025-08-01.11:13:38 zfs create -o mountpoint=legacy -o volmode=none pool/.ix-virt/virtual-machines
2025-08-01.11:13:38 zfs create -o mountpoint=legacy -o volmode=none pool/.ix-virt/deleted/virtual-machines
2025-08-01.11:13:38 zfs set mountpoint=legacy setuid=on exec=on devices=on acltype=posixacl xattr=sa relatime=on pool/.ix-virt
2025-08-01.11:13:38 zfs set mountpoint=legacy pool/.ix-virt/deleted
2025-08-01.11:13:39 zfs set mountpoint=legacy pool/.ix-virt/buckets
2025-08-01.11:13:39 zfs set mountpoint=legacy pool/.ix-virt/deleted/buckets
2025-08-01.11:13:39 zfs set mountpoint=legacy pool/.ix-virt/custom
2025-08-01.11:13:39 zfs set mountpoint=legacy pool/.ix-virt/deleted/custom
2025-08-01.11:13:39 zfs set mountpoint=legacy pool/.ix-virt/images
2025-08-01.11:13:39 zfs set mountpoint=legacy pool/.ix-virt/deleted/images
2025-08-01.11:13:39 zfs set mountpoint=legacy pool/.ix-virt/containers
2025-08-01.11:13:40 zfs set mountpoint=legacy pool/.ix-virt/deleted/containers
2025-08-01.11:13:40 zfs set mountpoint=legacy volmode=none pool/.ix-virt/virtual-machines
2025-08-01.11:13:40 zfs set mountpoint=legacy volmode=none pool/.ix-virt/deleted/virtual-machines
2025-08-01.11:13:41 zfs set acltype=posixacl xattr=sa relatime=on mountpoint=legacy setuid=on exec=on devices=on pool/.ix-virt
2025-08-01.11:13:41 zfs set mountpoint=legacy pool/.ix-virt/deleted
2025-08-01.11:13:41 zfs set mountpoint=legacy pool/.ix-virt/buckets
2025-08-01.11:13:41 zfs set mountpoint=legacy pool/.ix-virt/deleted/buckets
2025-08-01.11:13:41 zfs set mountpoint=legacy pool/.ix-virt/custom
2025-08-01.11:13:42 zfs set mountpoint=legacy pool/.ix-virt/deleted/custom
2025-08-01.11:13:42 zfs set mountpoint=legacy pool/.ix-virt/images
2025-08-01.11:13:42 zfs set mountpoint=legacy pool/.ix-virt/deleted/images
2025-08-01.11:13:42 zfs set mountpoint=legacy pool/.ix-virt/containers
2025-08-01.11:13:42 zfs set mountpoint=legacy pool/.ix-virt/deleted/containers
2025-08-01.11:13:43 zfs set mountpoint=legacy volmode=none pool/.ix-virt/virtual-machines
2025-08-01.11:13:43 zfs set mountpoint=legacy volmode=none pool/.ix-virt/deleted/virtual-machines
2025-08-01.11:59:35 zpool import 17363736350364232265 -R /mnt -m -N -f -o cachefile=/data/zfs/zpool.cache
2025-08-01.11:59:45 py-libzfs: zfs create -o mountpoint=legacy -o readonly=off -o snapdir=hidden -o xattr=sa pool/.system/nfs
2025-08-01.11:59:51 py-libzfs: zpool prefetch -t ddt pool
2025-08-01.12:00:06 py-libzfs: zfs snapshot pool/.system/samba4@wbc-1754042406
2025-08-01.12:54:28 zpool import 17363736350364232265 -R /mnt -m -N -f -o cachefile=/data/zfs/zpool.cache
2025-08-01.12:54:50 py-libzfs: zpool prefetch -t ddt pool
2025-08-01.12:58:18 py-libzfs: zpool online pool /dev/disk/by-partuuid/1bf93467-b9bf-4fd3-9d9a-5bf5041be58e
2025-08-01.12:58:23 py-libzfs: zpool online pool /dev/disk/by-partuuid/865f9964-b10b-4028-945d-72b6405985e3
I think I checked " Delete saved configurations from TrueNAS?" when exporting the pool. Did that delete the key?
Also I have a pool of 4 disk in raidz2 from which two disks have died, could that be why the dataset dosen’t get unlocked at boot?
It could. But I’m not sure.
I think it’s not the case.
Just out of curiosity, were those drives from the same batch? I thought that 2 drives being dead is a very rare case.
Well, I said dead but they are degraded. Disks were bought refurbished so that may also contribute, strangely there’s no smart test failed
When you export the pool, its dataset encryption keys are deleted from the config on the boot-pool. Did you ever export the encryption keys or TrueNAS config with the “secret seed”?
yes, I do have the secret seed
Do you mean you exported the config with the secret seed? It should be in the form of a .tar file.
This config file would need to have been exported as a .tar file before you exported the pool named “pool”.
yes
1 Like
How old is this config file?
You can import it into TrueNAS and then reboot, and it should automatically unlock the pool named “pool”. It will also revert your NAS’s configuration if you made any changes ever since you exported the config file.
Save your current config before you import the old one!
1 Like
9 of july. I’ll try importing it, also thanks @neofusion for the heads up
As long as on the 9th of July your encrypted datasets existed, then the exported config file should contain the key and the secret seed for deciphering the key.
If this works, and your datasets are available again, anything you configured after the 9th of July will need to manually be redone. Understand that you may need to redo SMB shares, services, tasks, or anything else that was configured after that day.
Darkmoon could just revert back to the 9th July config and get the datasets unlocked, export the keys and then import the config he saved today and unlock the datasets using the exported keys.
It would be an extra reboot though. So the benefit of doing that depends on the amount of changes during those 3 weeks.
2 Likes
Perhaps there is an opportunity to export the key after this and then revert to the current config? But it’s worth it only if a lot of changes have been done.
1 Like