Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Creating an Encrypted Project (CLI)

Shares (filesystems and LUNs) can be encrypted individually or they can be encrypted at the project level because shares inherit project properties. The following example shows how to encrypt all shares within a project by encrypting the project itself.

Before You Begin

To use encryption, you must configure it first; see Data Encryption.

1. To create an encrypted project, use the following CLI commands:

   hostname:shares> project myproject
   hostname:shares myproject (uncommitted)> set encryption=aes-128-ccm
                       encryption = aes-128-ccm (uncommitted)
   hostname:shares myproject (uncommitted)> set keystore=LOCAL
                         keystore = LOCAL (uncommitted)
   hostname:shares myproject (uncommitted)> set keyname=MyFirstKey
                          keyname = MyFirstKey (uncommitted)
   hostname:shares myproject (uncommitted)> commit
   hostname:shares> 

   All shares created under this project are automatically encrypted with AES-128 CCM using the key named "MyFirstKey" from the LOCAL keystore.

2. To create a filesystem in the new project and show that it inherited the encryption properties, use the following CLI commands:

   hostname:shares> select myproject
   hostname:shares myproject> filesystem f1
   hostname:shares myproject/f1 (uncommitted)> commit
   hostname:shares myproject> select f1
   hostname:shares myproject/f1> get encryption keystore keyname keystatus
                       encryption = aes-128-ccm (inherited)
                         keystore = LOCAL (inherited)
                          keyname = MyFirstKey (inherited)
                        keystatus = available
   hostname:shares myproject/f1> done

Related Topics

• Encryption Properties

• Managing Encryption Keys

• Changing a Share Encryption Key (CLI)