Question: Any plans for supporting keylocation=https:// #9947

geek-at · 2020-02-05T01:04:47Z

I tried to implement a system where ZFS gets the encryption key from a local HTTP server (as described in the official oracle docs) but creating it using zfs create -o encryption=on -o keylocation=https://mykeyserver/keyforthisserver -o keyformat=raw data/enc fails with

cannot create 'data/enc2': invalid keylocation

Are there any plans on implementing it? For now I'll just mount the key via nfs and use the file:///path method

The text was updated successfully, but these errors were encountered:

behlendorf · 2020-02-05T19:26:20Z

Yes, this functionality is planned. There's an initial patch for FreeBSD which uses libfetch. It needs to be adapted for Linux to use libcurl or another library.

kimono-koans · 2020-09-08T12:09:26Z

Perhaps it should be noted that zfs-load-key will accept a key piped from std-out, so you can use curl to direct its output to a pipe to achieve a similar result. I use something similar (smbget) and a systemd service to load the keys when the network is up.

kimono-koans · 2020-09-08T12:19:54Z

Excuse me, I'm not sure this works for raw keys, but it does work for passphrases with the keylocation set to "prompt."

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

Add support for http and https to the keylocation properly to allow encryption keys to be fetched from the specified URL. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Ryan Moeller <ryan@ixsystems.com> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Issue openzfs#9543 Closes openzfs#9947 Closes openzfs#11956

behlendorf added the Type: Feature Feature request or new feature label Feb 5, 2020

behlendorf added this to FreeBSD Features in OpenZFS 2.0 Feb 5, 2020

behlendorf removed this from FreeBSD Features (In Progress) in OpenZFS 2.0 Dec 1, 2020

behlendorf added this to To do in FreeBSD via automation Dec 1, 2020

nabijaczleweli mentioned this issue Apr 25, 2021

etc/systemd/zfs-mount-generator: rewrite in C #11917

Closed

13 tasks

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: support keylocation=https://, backed by fetch(3) or libcurl

c6f593f

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: support keylocation=https://, backed by fetch(3) or libcurl

f283084

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

d5cbb89

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

d54257a

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

7426392

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

c570f95

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

cec918e

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

15f31e3

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

5794395

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

0fcbd9b

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli mentioned this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl #11956

Merged

13 tasks

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

b3000a7

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

b9cb6a5

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 27, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

1b2241e

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 28, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

3f47cf5

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 28, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

c9f354f

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 28, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

774436d

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 28, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

40ebabc

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 28, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

596a15f

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 28, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

a135361

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 28, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

cd58791

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue Apr 28, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

c3ad219

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 3, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

4d893fc

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 4, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

3fc877e

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 4, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

f69acb3

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 4, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

5258338

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 4, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

624f2a3

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 4, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

1f7561f

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 4, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

4124fb2

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 4, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

6bbd9de

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 4, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

f3ef082

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 5, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

7d485ef

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 5, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

8530482

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 5, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

ec42252

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 5, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

9072a52

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 8, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

c35fb7f

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 8, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

3c518f1

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 12, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

dee5234

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 12, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

2816d71

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 12, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

cbb4c0a

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 12, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

d7722ba

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 12, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

d3cd72f

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 12, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

f190ecd

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 12, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

96819cd

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 12, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

21fd8d7

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

nabijaczleweli added a commit to nabijaczleweli/zfs that referenced this issue May 12, 2021

libzfs: add keylocation=https://, backed by fetch(3) or libcurl

e1ab4a5

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Ref: openzfs#9543 Closes openzfs#9947

behlendorf closed this as completed in 3708689 May 13, 2021

FreeBSD automation moved this from To do to Done May 13, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Question: Any plans for supporting keylocation=https:// #9947

Question: Any plans for supporting keylocation=https:// #9947

geek-at commented Feb 5, 2020

behlendorf commented Feb 5, 2020

kimono-koans commented Sep 8, 2020

kimono-koans commented Sep 8, 2020

Question: Any plans for supporting keylocation=https:// #9947

Question: Any plans for supporting keylocation=https:// #9947

Comments

geek-at commented Feb 5, 2020

behlendorf commented Feb 5, 2020

kimono-koans commented Sep 8, 2020

kimono-koans commented Sep 8, 2020