lattera

Encrypted ZFS Backups


One of OpenSolaris's heralded features is a next-gen filesystem called ZFS. Managing ZFS backups could not be easier. All you need to run is zfs snapshot tank/dataset@backup. If you want to replicate or store that snapshot on another machine, you can run zfs send tank/dataset@backup > backup.zfs.

I'll be demoing how to use GPG2 to encrypt ZFS backups created with zfs send. Here are the commands I used to do it:

root@shawn-desktop:~# chmod A+user:shawn:full_set:fd:allow /datumz/

root@shawn-desktop:~# logout

shawn@shawn-desktop:~$ zfs create datumz/demo

shawn@shawn-desktop:~$ echo "this is a test" > /datumz/demo/testfile

shawn@shawn-desktop:~$ zfs snapshot datumz/demo@backup

shawn@shawn-desktop:~$ zfs send datumz/demo@backup | gpg2 -e -r "Shawn Webb" -o datumz_demo\@backup.zfs.gpg

Warning: using insecure memory!

shawn@shawn-desktop:~$ zfs destroy -r datumz/demo

shawn@shawn-desktop:~$ gpg2 -d datumz_demo\@backup.zfs.gpg | zfs recv datumz/demo

Warning: using insecure memory!

You need a passphrase to unlock the secret key for

user: "Shawn Webb "

4096-bit RSA key, ID F751C7BB, created 2010-04-27 (main key ID 5B242D25)

can't connect to `/home/shawn/.gnupg/S.gpg-agent': No such file or directory

Warning: using insecure memory!

gpg: encrypted with 4096-bit RSA key, ID F751C7BB, created 2010-04-27

"Shawn Webb "

shawn@shawn-desktop:~$ ls /datumz/demo/

testfile

So you can see how easy it is to manage and create snapshots and backups of ZFS datasets. I love that the backup files are never stored in plaintext. They're stored encrypted.

Originally posted on my tech blog
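A shell pipeline such as the `zfs send ... | gpg2 -e ...` step above reports only gpg2's exit status, so a `zfs send` that fails partway still leaves an encrypted but truncated file behind. The wrapper below is an added example, not part of the original post; the function name `encrypted_send` and the `.partial` temporary-file convention are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): encrypt a ZFS send stream with
# gpg2 and keep the output only if BOTH sides of the pipeline succeeded.
# Variables are global because POSIX sh has no "local".
#
# Usage with the names from the post:
#   encrypted_send datumz/demo@backup "Shawn Webb" datumz_demo@backup.zfs.gpg
encrypted_send() {
    snap=$1          # snapshot to send, e.g. pool/dataset@name
    recipient=$2     # gpg2 recipient (public key user ID)
    out=$3           # final encrypted backup file
    tmp="$out.partial"

    status_file=$(mktemp) || return 1
    rm -f "$tmp"     # avoid gpg2's overwrite prompt on a stale partial file

    # The left side of the pipe runs in a subshell; record zfs send's own
    # exit status in a file because $? after the pipeline is gpg2's only.
    gpg_rc=0
    { rc=0; zfs send "$snap" || rc=$?; echo "$rc" > "$status_file"; } |
        gpg2 -e -r "$recipient" -o "$tmp" || gpg_rc=$?

    # An empty status file (subshell killed early) also counts as failure.
    send_rc=$(cat "$status_file")
    rm -f "$status_file"

    if [ "$send_rc" != 0 ] || [ "$gpg_rc" != 0 ]; then
        rm -f "$tmp"
        echo "backup of $snap failed (zfs send=$send_rc, gpg2=$gpg_rc)" >&2
        return 1
    fi

    # Only a complete stream is ever visible under the final name.
    mv "$tmp" "$out"
}
```

Because gpg2 encrypts to a public key, this step needs no passphrase; only the restore with `gpg2 -d` does.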
