1. Oracle ZFS Storage Appliance Administration Guide, Release OS8.8.x
  2. Data Encryption
  3. Creating an Encrypted Project (CLI)

Creating an Encrypted Project (CLI)

For more detailed information about creating a project, see Creating a Project (CLI).

A project inherits properties of the parent pool. A share inherits properties of the parent project. For a list of properties that can be inherited, see Inherited Properties.

A project that is created in an encrypted pool is automatically encrypted, and inherits the encryption settings from the pool. You can change the encryption key settings, but you cannot unencrypt the project and you cannot create an unencrypted project in an encrypted pool.

This procedure describes how to create an encrypted project in either an encrypted pool or an unencrypted pool.

Before You Begin

To use encryption, you must configure it first. See Data Encryption.

  1. Go to shares.
  2. Enter the project command, and a name for the project.
  3. If the parent pool for this project is not encrypted, set an encryption type.

    If the parent pool for this project is not encrypted, the value of the encryption property is off by default. To create an encrypted project, set the encryption property to a new value. See Understanding Encryption Key Values for descriptions of the values of the encryption property.

    If the parent pool for this project is encrypted, the encryption property value is inherited and you cannot change it.

  4. Set a keystore and a key name.

    If the parent pool for this project is not encrypted, set the keystore and keyname properties.

    If the parent pool for this project is encrypted, the values of the keystore and keyname properties are inherited from the pool by default. You can use the inherited values or change them. 

    hostname:shares myproject (uncommitted)> get encryption keyname keystore
                    encryption = aes-128-ccm
                      keystore = LOCAL
                       keyname = MyKey

    Use the set command to set new values for keystore and keyname, as shown in the following example: 

    hostname:shares myproject (uncommitted)> set keyname=NewKey
                       keyname = NewKey (uncommitted)
  5. Use the get and set commands to set other properties as appropriate for this project.

    Project properties are described in Project Properties.

  6. Enter commit.

    All shares created under this project are automatically encrypted with these encryption values, although the keystore and keyname values can be changed. See Creating an Encrypted Filesystem or LUN (CLI).

Related Topics