
Encrypted ZFS Backups


One of OpenSolaris's heralded features is a next-gen filesystem called ZFS. Managing ZFS backups could not be easier. All you need to run is zfs snapshot tank/dataset@backup. If you want to replicate or store that snapshot on another machine, you can run zfs send tank/dataset@backup > backup.zfs.

I'll be demoing how to use GPG2 to encrypt ZFS backups created with zfs send. Here are the commands I used to do it:

root@shawn-desktop:~# chmod A+user:shawn:full_set:fd:allow /datumz/

root@shawn-desktop:~# logout

shawn@shawn-desktop:~$ zfs create datumz/demo

shawn@shawn-desktop:~$ echo "this is a test" > /datumz/demo/testfile

shawn@shawn-desktop:~$ zfs snapshot datumz/demo@backup

shawn@shawn-desktop:~$ zfs send datumz/demo@backup | gpg2 -e -r "Shawn Webb" -o datumz_demo\@backup.zfs.gpg

Warning: using insecure memory!

shawn@shawn-desktop:~$ zfs destroy -r datumz/demo

shawn@shawn-desktop:~$ gpg2 -d datumz_demo\@backup.zfs.gpg | zfs recv datumz/demo

Warning: using insecure memory!

You need a passphrase to unlock the secret key for

user: "Shawn Webb "

4096-bit RSA key, ID F751C7BB, created 2010-04-27 (main key ID 5B242D25)

can't connect to `/home/shawn/.gnupg/S.gpg-agent': No such file or directory

Warning: using insecure memory!

gpg: encrypted with 4096-bit RSA key, ID F751C7BB, created 2010-04-27

"Shawn Webb "

shawn@shawn-desktop:~$ ls /datumz/demo/


So you can see how easy it is to manage and create snapshots and backups of ZFS datasets. I love that the backup files are never stored in plaintext. They're stored encrypted.

Originally posted on my tech blog
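
The following is an added example, not part of the original post: a wrapper around the same zfs send | gpg2 -e pipeline that checks both exit codes before the file counts as a backup, since a pipeline reports only the last command's status and a failed zfs send would otherwise leave a truncated but decryptable file. The function name and the temporary file names are assumptions made for the illustration.

```shell
# Added example (not from the original post).
# Usage: encrypted_send datumz/demo@backup "Shawn Webb" datumz_demo@backup.zfs.gpg
encrypted_send() {
    snap=$1 rcpt=$2 out=$3
    tmp="$out.partial.$$"      # hypothetical temp name; renamed only on success
    status="$out.status.$$"    # hypothetical file carrying zfs send's exit code

    # The pipeline's own exit status is gpg2's. Record zfs send's status
    # separately so an interrupted or failed send cannot hide behind it.
    { zfs send "$snap"; echo $? > "$status"; } | gpg2 -e -r "$rcpt" -o "$tmp"
    gpg_rc=$?
    send_rc=$(cat "$status" 2>/dev/null || echo 1)
    rm -f "$status"

    # Reject the result if either side failed or nothing was written.
    if [ "$send_rc" -ne 0 ] || [ "$gpg_rc" -ne 0 ] || [ ! -s "$tmp" ]; then
        echo "backup of $snap failed (zfs send=$send_rc, gpg2=$gpg_rc)" >&2
        rm -f "$tmp"
        return 1
    fi

    # Only a complete, encrypted stream ever appears under the final name.
    mv "$tmp" "$out"
}
```

Run zfs destroy on the source dataset only after encrypted_send has returned 0.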

