Does ZFS on Linux already support Encryption? If not, is it planned?
I found tons of info for ZFS+LUKS but that's absolutely uninteresting: I want ZFS encryption so that I can do replication using zfs send to an "untrusted" backup server. I.e., zfs send fragments should be encrypted.
If ZoL does not support encryption, is there a more elegant way other than creating zVols and using LUKS+EXT on top of it (loosing many ZFS advantages)?
Best Answer
Not yet.
Work's in progress
ZFS Crypto support · Issue #494 · zfsonlinux/zfs · GitHub (2011-12-14)
ZFS Encryption by tcaputi · Pull Request #4329 · zfsonlinux/zfs (2016-02-11) – 593 parts to the conversation, "… too big for github to handle effectively … moving it to a new PR …"
ZFS Encryption by tcaputi · Pull Request #5769 · zfsonlinux/zfs (2017-02-09)
References
How to Manage ZFS Data Encryption (Darren Moffat, Oracle, 2012-07-23)
ZFS Native Encryption by Tom Caputi - YouTube (2016-10-10)
Native encryption coming to OpenZFS! zfs create -o encryption=on. Thank you Tom Caputi
@datto
(Matthew Ahrens, 2017-03-17)Alternatives to the works in progress
As others have pointed out, you do have the option of LUKS – Linux Unified Key Setup – on ZFS on Linux (ZoL).