c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-01-25 10:12:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

zfsprops(7): attempt to clarify the keylocation description

Browse Source 
The current description is somewhat difficult to parse through, and in
some cases is a little unclear as to the behavior.

Split it into a paragraphs based on the three distinct behaviors you
may get: prompt, file URL, HTTP(S) URL.  The descriptions of the file
and HTTP(s) behavior seems fine, but prompt is a little vague- expand
on it and make it clear that the behavior is actively based on whether
the inquisitor of key-data is provided with a tty for stdin or not.

Also clarify *why* one shouldn't "place keys which should be kept secret
on the command line" and note that you *have* to supply the key via
stdin if it's a raw key, just to be sure.

Reviewed-by: Allan Jude <allan@klarasystems.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
Closes #17742
This commit is contained in:
Kyle Evans 2025-09-15 12:26:17 -05:00 committed by Brian Behlendorf
parent a4cb155e8d
commit 8b548776ff
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
man/man7/zfsprops.7
View File

@ -39,7 +39,7 @@
.\" Copyright (c) 2019, Kjeld Schouten-Lebbing
.\" Copyright (c) 2022 Hewlett Packard Enterprise Development LP.
.\"
.Dd August 6, 2025
.Dd September 13, 2025
.Dt ZFSPROPS 7
.Os
.
@ -1192,18 +1192,26 @@ keylocation can be with either
.Nm zfs Cm set
or
.Nm zfs Cm change-key .
.Pp
If
.Sy prompt
is selected ZFS will ask for the key at the command prompt when it is required
to access the encrypted data (see
is selected, ZFS will expect the key to be provided when it is required to
access the encrypted data (see
.Nm zfs Cm load-key
for details).
This setting will also allow the key to be passed in via the standard input
stream,
but users should be careful not to place keys which should be kept secret on
the command line.
If a file URI is selected, the key will be loaded from the
If stdin is a TTY, then ZFS will ask for the key to be provided.
Otherwise, stdin is expected to be the key to use and will be processed as such.
Users should be careful not to place keys which should be kept secret on the
command line, as most operating systems may expose command line arguments to
other processes.
If the
.Dq raw
.Sy keyformat
was used, then the key must be provided via stdin.
.Pp
If a file URL is selected, the key will be loaded from the
specified absolute file path.
.Pp
If an HTTPS or HTTP URL is selected, it will be GETted using
.Xr fetch 3 ,
libcurl, or nothing, depending on compile-time configuration and run-time