Question: Any plans for supporting keylocation=https:// #9947
Comments
Yes, this functionality is planned. There's an initial patch for FreeBSD which uses libfetch. It needs to be adapted for Linux to use libcurl or another library.
Perhaps it should be noted that zfs-load-key will accept a key piped from std-out, so you can use curl to direct its output to a pipe to achieve a similar result. I use something similar (smbget) and a systemd service to load the keys when the network is up.
Excuse me, I'm not sure this works for raw keys, but it does work for passphrases with the keylocation set to "prompt."
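The workaround from the comments above (fetch the key yourself, then hand it to `zfs load-key`), sketched as an added shell example that is not code from OpenZFS or from the commenters. The function names are hypothetical, the key is handed over through a temporary `file://` location rather than a pipe, and `curl` and `mktemp` are assumed to be installed.

```shell
#!/bin/sh
# Added example (not OpenZFS code): fetch a key over HTTPS, validate it,
# then load it. fetch_key, check_key and load_key_https are hypothetical names.

# fetch_key URL OUTFILE: HTTPS only (also on redirects), fail on HTTP errors.
fetch_key() {
    curl --silent --show-error --fail --max-time 30 \
         --proto '=https' --proto-redir '=https' \
         --output "$2" "$1"
}

# check_key FORMAT FILE: reject material zfs would not accept, so a server
# error page or truncated download is never offered as a key.
# raw: exactly 32 bytes; hex: 64 hex digits; passphrase: 8 to 512 bytes.
check_key() {
    case "$1" in
        raw)
            size=$(wc -c < "$2" | tr -d ' ')
            [ "$size" -eq 32 ] ;;
        hex)
            len=$(tr -d '\n' < "$2" | wc -c | tr -d ' ')
            [ "$len" -eq 64 ] &&
                ! tr -d '\n' < "$2" | LC_ALL=C grep -q '[^0-9A-Fa-f]' ;;
        passphrase)
            len=$(tr -d '\n' < "$2" | wc -c | tr -d ' ')
            [ "$len" -ge 8 ] && [ "$len" -le 512 ] ;;
        *)
            return 2 ;;
    esac
}

# load_key_https DATASET FORMAT URL: the whole workflow.
# Point TMPDIR at a tmpfs so the key is never written to persistent storage.
load_key_https() {
    tmp=$(mktemp) || return 1          # mktemp creates the file mode 0600
    if fetch_key "$3" "$tmp" && check_key "$2" "$tmp" &&
       zfs load-key -L "file://$tmp" "$1"; then
        rc=0
    else
        echo "key for $1 not loaded: fetch, validation or load failed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Called from a systemd unit ordered after the network is online, `load_key_https data/enc raw https://mykeyserver/keyforthisserver` matches the dataset and URL from the question.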
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947
Add support for http and https to the keylocation properly to allow encryption keys to be fetched from the specified URL. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Ryan Moeller <ryan@ixsystems.com> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Issue openzfs#9543 Closes openzfs#9947 Closes openzfs#11956
I tried to implement a system where ZFS gets the encryption key from a local HTTP server (as described in the official Oracle docs) but creating it using
zfs create -o encryption=on -o keylocation=https://mykeyserver/keyforthisserver -o keyformat=raw data/enc
fails with
cannot create 'data/enc2': invalid keylocation
Are there any plans on implementing it? For now I'll just mount the key via NFS and use the file:///path method.