My Oracle Support Banner

Oracle ZFS Storage Appliance: How To Use Encryption To Safely Secure Data, Ship Disks Or Appliance Without The Key, Then Restore The Key (Doc ID 2043971.1)

Last updated on SEPTEMBER 29, 2021

Applies to:

Oracle ZFS Storage ZS3-2 - Version All Versions to All Versions [Release All Releases]
Oracle ZFS Storage ZS3-4 - Version All Versions to All Versions [Release All Releases]
Oracle ZFS Storage Appliance Racked System ZS4-4 - Version All Versions to All Versions [Release All Releases]
Oracle ZFS Storage Appliance Racked System ZS5-4 - Version All Versions to All Versions [Release All Releases]
Oracle ZFS Storage ZS5-2 - Version All Versions to All Versions [Release All Releases]
7000 Appliance OS (Fishworks)

Goal

This is an example of setting up an encryption key, creating some data, deleting the key, verifying the data is not available, re-creating the key, then checking the data again

This process can be used to ship a disk tray with a pool, or a whole appliance, while the data is unreadable because the key is missing

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
 On the zfssa array list the current keys
 
On the zfssa array create a new key
 On the zfssa array create a project and share with the new encryption key
 On the nfs client create some data from the client side
 On the zfssa array display the key so it can be copied for later use
 On the zfssa array destroy the key
 On the nfs client verify that the data is no longer accessible
 On the zfssa array check the share settings
 On the zfssa array re-create the key
 On the zfssa array check the share settings
 On the nfs client check the data availability

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.