[OpenIndiana-discuss] ZFS Encryption for MySQL data store

Mark Creamer whitetr6 at gmail.com
Wed Jan 18 14:59:55 UTC 2012


I'd like to get a better understanding (or have someone correct me where
I'm wrong) about using ZFS encryption for a particular zfs filesystem.

The idea is to create a zfs file system for a MySQL database to use to
store its datafiles since the database contains potentially sensitive
information. The server we would do this on already has several zfs
filesystems used for other purposes.

So if I create a new filesystem, and set encryption to on, these are the
caveats as I understand them:

1. I can snapshot and zfs send | zfs receive to a separate physical backup
server for archival storage, and as long as the receiving file system is
also set to encryption=on, the replicated data would remain encrypted with
the same passphrase
2. In order for the server to mount this filesystem on boot, someone would
need to be available to enter the passphrase - otherwise the file system
would remain unmounted, meaning MySQL could not use it

Are these two things correct? If so, is there a better solution for Item
#2, such that remotely rebooting the server would allow MySQL to start and
be able to use the file system?

-- 
Mark


More information about the OpenIndiana-discuss mailing list