I am looking to start using this library for managing zfs. I am however looking to apply native zfs encryption to my datasets. In order to also encrypt the zfs send datastream, I should set the -w (or --raw) flag to zfs send, see:
For encrypted datasets, send data exactly as it exists on disk. This allows backups to be taken even if encryption keys are not currently loaded. The backup may then be received on an untrusted machine since that machine will not have the encryption keys to read the protected data or alter it without being detected. Upon being received, the dataset will have the same encryption keys as it did on the send side, although the keylocation property will be defaulted to prompt if not otherwise provided. For unencrypted datasets, this flag will be equivalent to -Lec. Note that if you do not use this flag for sending encrypted datasets, data will be sent unencrypted and may be re-encrypted with a different encryption key on the receiving system, which will disable the ability to do a raw send to that system for incrementals.
This PR adds the functions SendSnapshotRaw and IncrementalRawSend which add this flag.
Let me know if you'd rather see this change take a different form or any other ideas/suggestions!
Hello!
I am looking to start using this library for managing zfs. I am however looking to apply native zfs encryption to my datasets. In order to also encrypt the zfs send datastream, I should set the
-w(or--raw) flag to zfs send, see:This PR adds the functions
SendSnapshotRawandIncrementalRawSendwhich add this flag.Let me know if you'd rather see this change take a different form or any other ideas/suggestions!