Truenas encryption keys on outside server itself

TrueNAS General
1

Hey guys, tried to find if the question was already made but I was not able to.
If I encrypt the datasets with keys then those are stored at Truenas but we can also store it on USB sticks.

What about providing those keys from another server, for instance, another NAS/SMB share that has only the encryption keys?
Would Truesnas during the “loading” startup would be able to read the encryption keys from network?

Why I am asking that, because if the server itself it stolen then the person will not have the “key” to decrypt the data since he/she will not know that is located somewhere else at the internal LAN.

2

Hi and welcome to the forums.

I may be wrong but I have a feeling that key management is only available with TrueNAS Enterprise products. The work around would be to use passphrase encryption but the server would need these entered after every boot to unlock the datasets.

1 Like
3

Hey! thanks for the warm welcome and you are right, it is only for Truenas enterprise and it is indeed a nice feature :slight_smile:

So, for me, it will be without encryption at all :slight_smile:

1 Like