Managing ZFS Encryption Keys

Depending on your needs, ZFS encryption keys can be managed either on the local system or remotely, if a centralized location is needed.

  • Locally – The above examples illustrate that the wrapping key can be either a passphrase prompt or a raw key that is stored in a file on the local system.

  • Remotely – Key information can be stored remotely by using a centralized key management system like Oracle Key Manager or by using a web service that supports a simple GET request on an http or https URI. Oracle Key Manager key information is accessible to an Oracle Solaris system by using a PKCS#11 token.
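The following added example (not part of the Oracle documentation) checks a value of the ZFS keysource property, which on Oracle Solaris takes the form format,locator, against the local and remote options listed above. The function name, the verdict strings, the owner-only file policy, and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an Oracle Solaris ZFS keysource value ("format,locator").
# check_keysource and its verdict strings are this example's own names.

check_keysource() {
    ks=$1
    format=${ks%%,*}      # text before the first comma
    locator=${ks#*,}      # text after the first comma
    case $format in
        raw|hex|passphrase) ;;
        *) echo "fail: unknown format '$format'"; return 1 ;;
    esac
    case $locator in
        prompt)    echo "ok: key entered interactively, nothing stored" ;;
        pkcs11:*)  echo "ok: key held in a PKCS#11 token" ;;
        https://*) echo "ok: key fetched over TLS" ;;
        http://*)  echo "fail: key fetched in cleartext over http"; return 1 ;;
        file:///*)
            path=${locator#file://}
            [ -f "$path" ] || { echo "fail: key file missing"; return 1; }
            # Policy assumed here: no group or other permission bits at all.
            mode=$(ls -ld "$path" | cut -c5-10)
            [ "$mode" = "------" ] ||
                { echo "fail: key file accessible beyond owner"; return 1; }
            if [ "$format" = raw ]; then
                # A raw AES key is 16, 24 or 32 bytes (128, 192 or 256 bits).
                size=$(( $(wc -c < "$path") ))
                case $size in
                    16|24|32) ;;
                    *) echo "fail: raw key is $size bytes"; return 1 ;;
                esac
            fi
            echo "ok: local key file restricted to owner" ;;
        *) echo "fail: unknown locator '$locator'"; return 1 ;;
    esac
}

# Constructed sample values; keys.example.com is a placeholder host.
for ks in "passphrase,prompt" \
          "raw,https://keys.example.com/pool1.key" \
          "raw,http://keys.example.com/pool1.key"; do
    printf '%s -> ' "$ks"
    check_keysource "$ks" || true
done
```

On a live system, the value to check can be read with `zfs get -H -o value keysource` followed by the dataset name.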

For information about managing ZFS encryption keys, see How to Manage ZFS Data Encryption (https://www.oracle.com/technical-resources/articles/solaris/how-to-manage-zfs-encryption.html).

For information about using Oracle Key Manager to manage key information, see:

https://docs.oracle.com/cd/E50985_03/index.html