Managing ZFS Encryption Keys
ZFS encryption keys can be managed in different ways, depending on your needs, either on the local system or remotely, if a centralized location is needed.
-
Locally – The above examples illustrate that the wrapping key can be either a passphrase prompt or a raw key that is stored in a file on the local system.
-
Remotely – Key information can be stored remotely by using a centralized key management system like Oracle Key Manager or by using a web service that supports a simple GET request on an http or https URI. Oracle Key Manager key information is accessible to an Oracle Solaris system by using a PKCS#11 token.
For information about managing ZFS encryption keys, see How to Manage ZFS Data Encryption (https://www.oracle.com/technical-resources/articles/solaris/how-to-manage-zfs-encryption.html)
For information about using Oracle Key Manager to manage key information, see: