How to manually set up self-encrypted drives (SED)

So, after playing with this a bit, and falling into a crash course in working with the API, I can now attest to the fact that setting SED passwords in the TrueNAS middleware via the API is actually pretty simple – rendering the UI change for SEDs, IMO, not a big deal.

Setting system_advanced | adv_sed_password – i.e. the Global SED password – via the API is as simple as dropping to a shell and using these commands:

midclt call system.advanced.sed_global_password_is_set
midclt call system.advanced.sed_global_password
midclt call system.advanced.update '{"sed_passwd": "<your_SED_password_string>"}' |jq

The first command returns true or false depending on whether a SED global password is set.
The second command returns the SED global password, if one exists.
The third command sets the SED global password (to the string you put in place of <your_SED_password_string>).
Once set, you can check it with the second command.

Setting individual disk SED passwords is only slightly more complex – because you have to call the command with a ‘disk identifier’ (NOT simply the disk name, like nvme0, sda, etc.) that you must collect with an additional step. Essentially, the below command at the shell will set an individual drive’s SED password:

midclt call disk.update "<your_disk_identifier>" '{"passwd": "<your_SED_password_string>"}'

… with the disk identifier taking a form like:
{serial_lunid}JQF4XMMRF5TT726_3d84f39adff29c457

You can collect the appropriate identifier for your SED drives thusly:

First, get the names of your SED (Opal “2”, Enterprise “E”) drives with
sedutil-cli --scan, e.g.:

root@TrueNAS[~]# sedutil-cli --scan
Scanning for Opal compliant disks
/dev/nvme0  2      Samsung SSD 970 EVO Plus 2TB
/dev/sda   No
/dev/sdb   No
/dev/sdc    2      Samsung SSD 870 EVO 500GB 
/dev/sdd   No

So, in this example, I’m looking for the disk identifiers for nvme0 and sdc. Once I know that, I can query disk information for those drives from the command line like this:

midclt call disk.query \
        '[["name","~","nvme0|sdc"]]' \
        '{  "extra":{"pools":true,"passwords":true},
            "select":["pool","name","identifier","subsystem","bus","type","model","serial","passwd"],
            "order_by":["bus","name"]
         }' \
|jq

(For any who need the explanation, the second line is a regex query filter: the targeted disk names are delimited by a pipe character, as regex alternations – so you would modify it for the particular needs of your own disk collection – e.g., “nvme0|sdc”, “nvme0|nvme1|sda|sdb”, etc.)

This will output formatted JSON of your SED drive details, giving an easy read of the “identifier” to use for the individual disk SED password setting command:

midclt call disk.update "<your_disk_identifier>" '{"passwd": "<your_SED_password_string>"}'

Of course, once set, you can repeat the earlier disk.query command and see the password in the individual drive’s details now that it’s set.
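The steps above (scan with sedutil-cli, build the regex alternation for disk.query, then call disk.update per identifier) can be wrapped in a small POSIX shell script. The following is an added example, not code from the original post or from TrueNAS: it parses a constructed copy of the sedutil-cli --scan output into the "nvme0|sdc" filter string and prints the disk.update commands in dry-run mode, so it can be exercised on any machine. The identifier and password values in the example run are constructed placeholders; on a real host you would feed in the identifiers read from the disk.query output and set DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the original post or TrueNAS). Helper functions for
# the manual SED password procedure. Sample scan output below is constructed.

# Constructed sample of `sedutil-cli --scan` output, same shape as the post.
SCAN_SAMPLE='Scanning for Opal compliant disks
/dev/nvme0  2      Samsung SSD 970 EVO Plus 2TB
/dev/sda   No
/dev/sdb   No
/dev/sdc    2      Samsung SSD 870 EVO 500GB
/dev/sdd   No'

# Print the bare device names (nvme0, sdc, ...) of drives whose second column
# is an Opal marker ("2") or Enterprise marker ("E"); "No" lines are skipped.
sed_names_from_scan() {
    printf '%s\n' "$1" | awk '$1 ~ /^\/dev\// && ($2 == "2" || $2 == "E") {
        sub("^/dev/", "", $1); print $1 }'
}

# Join names (one per line on stdin) into the regex alternation that the
# disk.query filter expects, e.g. nvme0|sdc
build_name_filter() {
    awk 'NR > 1 { printf "|" } { printf "%s", $0 } END { print "" }'
}

# Render the `midclt call disk.update` command for one disk identifier.
# The passwd value is embedded in a JSON string, so reject characters that
# would break the JSON quoting rather than silently mangling the password.
disk_update_cmd() {
    id="$1"; pw="$2"
    case "$pw" in
        *\"*|*\\*) echo 'password must not contain " or \' >&2; return 1 ;;
    esac
    printf "midclt call disk.update '%s' '{\"passwd\": \"%s\"}'\n" "$id" "$pw"
}

# Apply one password to every identifier read from stdin (one per line).
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs midclt,
# which exists only on a TrueNAS host.
apply_sed_password() {
    pw="$1"
    while IFS= read -r id; do
        cmd=$(disk_update_cmd "$id" "$pw") || return 1
        if [ "${DRY_RUN:-1}" = "1" ]; then
            printf '%s\n' "$cmd"
        else
            midclt call disk.update "$id" "{\"passwd\": \"$pw\"}"
        fi
    done
}

# Example run (dry run): derive the filter from the constructed scan output
# and show the disk.query filter plus one disk.update command.
FILTER=$(sed_names_from_scan "$SCAN_SAMPLE" | build_name_filter)
echo "disk.query filter: [[\"name\",\"~\",\"$FILTER\"]]"
# Constructed identifier in the {serial_lunid}... form shown in the post.
printf '%s\n' '{serial_lunid}CONSTRUCTED_SERIAL_1' | apply_sed_password 'example-only'
```

The functions deliberately keep the password out of the shell history on the real call path (it is passed as an argument to a function, not typed into an interactive midclt line); when running for real, also remember that disk.query with "passwords":true prints the stored password back in clear text, so treat that output accordingly.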
