I have a (parent) dataset that is encrypted with a passphrase.
This dataset contains a number of child datasets which inherit the encryption from the parent.
So when I unlock the parent dataset with the passphrase, all the child sets are unlocked as well.
I then have a replication task to replicate the parent dataset including the child sets (via “recursive” setting) to a backup instance.
And while both the parent and child datasets are created on the backup instance, the encryption is not inherited anymore.
So every child dataset now has its “own” encryption, which means I would need to unlock all of them separately.
How can I replicate the parent and child datasets and make sure that the child sets keep their encryption inheritance so I can unlock all of them by unlocking the parent on the backup instance.
1 Like
Did you select “Include Dataset Properties” or “Full Filesystem Replication”?
Did you select the only the parent or also the children too?
I have enabled “Include Dataset Properties” but not “Full Filesystem Replication” as I need to exclude one of the many child datasets.
For the replication task I have selected only the parent dataset but enabled “recursive”.
The child datasets create their snapshots at other / different times of the day.
Any idea how to set this up (while still being able to exclude one of the child datasets)?
You can’t exclude children if this option is selected?
Can you include screenshots of your Replication Task?
I have the same issue. I need to replicate only one dataset, though.
I found the solution, at least for me.
The problem needs to be fixed on the target / backup TrueNAS instance, not in the replication settings of the source instance.
After the datasets have been created by the replication task on the target system, you need to go into the “ZFS Encryption” settings on the target system and enable the " Inherit encryption properties from parent " checkbox.
After I did that for all the child datasets on the target instance, they could all be unlocked by unlocking the parent dataset on the target instance.
This did still work even after subsequent replication tasks (so this setting was not reverted / overwritten again).
Not sure if this would also be a solution for @swc-phil as my problem was with child datasets not inheriting the encryption settings after they have been replicated.
if you only have one dataset, there should be nothing to inherit.
2 Likes
Well, my dataset is Pool/EncRoot/foo/bar/baz/quux/nvme-only/my-precious, so it has the same issue.
Your solution worked like a charm (even though it took me some time to find the setting). My gratitude 
!
2 Likes
