Skip to content

Commit

Permalink
rc.conf: Document zfskeys
Browse files Browse the repository at this point in the history
Fixes:		33ff397 Add zfskeys rc.d script for auto-loading encryption keys
MFC after:	3 days
Reviewed by:	allanjude
Sponsored by:	Modirum
Sponsored by:	Klara, Inc
Differential Revision:	https://reviews.freebsd.org/D34427

(cherry picked from commit 8719e8a)
  • Loading branch information
0mp committed Mar 6, 2022
1 parent b64a3b4 commit e8baa00
Showing 1 changed file with 25 additions and 1 deletion.
26 changes: 25 additions & 1 deletion share/man/man5/rc.conf.5
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd November 18, 2021
.Dd March 3, 2022
.Dt RC.CONF 5
.Os
.Sh NAME
Expand Down Expand Up @@ -4632,6 +4632,30 @@ If set to
.Dq Li YES ,
and a boot environment marked bootonce is successfully booted,
it will be made permanently active.
.It Va zfskeys_enable
.Pq Vt bool
If set to
.Dq Li YES ,
enable auto-loading of encryption keys for encrypted ZFS datasets.
For every dataset the script will first load the appropriate encryption key
and the attempt to unlock the dataset.
.Pp
The script operates only on datasets which are encrypted with
ZFS native encryption
and have a ZFS
.Dq Li keylocation
dataset property beginning with
.Dq Li file:// .
.It Va zfskeys_datasets
.Pq Vt str
A whitespace-separated list of ZFS datasets to unlock.
The list is empty by default,
which means that the script will attempt to unlock all datasets.
.It Va zfskeys_timeout
.Pq Vt int
Define the total number of seconds to wait for the zfskeys script
to unlock an encrypted dataset.
The default is 10.
.El
.Sh FILES
.Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact
Expand Down

0 comments on commit e8baa00

Please sign in to comment.