This content has been marked as final. Show 1 reply
There are a few possible solutions to this.
1) If all the encrypted datasets are below your home directory ZFS dataset you can use pam_zfs_key module to prompt you for the passphrase at login time.
2) You can put the key material on an https accessible URL on another machine by using a keysource property value such as:
zfs create -o encryption=on -o keysource=raw,https:///example.com/key or
zfs create -o encryption=on -o keysource=passphrase,https://example.com/pass
3) You can use the Oracle Key Manager appliance by using the pkcs11 uri syntax for the keysource and using pktool(1) genkey to create the wrapping key on the OKM
4) You can use the keysource property with raw,file:// to point to a file on some other media (eg a removable USB disk) that is mounted before the encrypted datasets.
See the following documentation, blog and OTN entries for some examples: