Back up encrypted ZFS data without decrypting it, even if TrueNAS does not approve
[Michael Lynch] recently replaced his Synology NAS with a self-built solution based on ZFS, a file system with a cool feature: the ability to back up encrypted data without having to decrypt it first. The only problem is that [Michael] uses TrueNAS, and TrueNAS only wants to back up unencrypted ZFS data to another TrueNAS system. Fortunately, there is a way around this problem that is not particularly complicated, but certainly requires using the right tools. It also provides an educational overview of how ZFS handles these elements.
The solution consists of a small handful of shell scripts to manage full and incremental backups and restores of encrypted datasets, without having to decrypt the data first. As mentioned, this is something TrueNAS will handle by default, but only if the destination is also a TrueNAS system. Now [Michael] can send that backup to offsite cloud storage with just a little extra work.
There is an additional trick that [Michael] uses to monitor his saves. It operates a paid service (but with a free tier) called Cronitor. It's not very obvious from the features of the site, but there is a way to implement cron job monitoring that doesn't require adding any software. Here's how that part works: Cronitor provides a unique, personalized URL. If this URL is not visited regularly (for example, because the cron job fails), the user is notified. By integrating this into an existing cron job, one can be notified. Such an integration would look like this:
0 0 3 * * monthly job && curl --silent https://cronitor.link/p//monthly-job?state=completeIn short, if the cron job runs successfully, curl registers by visiting the custom URL. If this does not happen, the user receives a notification. No additional software, just simple use of a free service for extra peace of mind.
Backups are easy to overlook, so maybe it's time to take a few moments to think about what you're doing for data storage, including how you would recover from a disaster.
[Michael Lynch] recently replaced his Synology NAS with a self-built solution based on ZFS, a file system with a cool feature: the ability to back up encrypted data without having to decrypt it first. The only problem is that [Michael] uses TrueNAS, and TrueNAS only wants to back up unencrypted ZFS data to another TrueNAS system. Fortunately, there is a way around this problem that is not particularly complicated, but certainly requires using the right tools. It also provides an educational overview of how ZFS handles these elements.
The solution consists of a small handful of shell scripts to manage full and incremental backups and restores of encrypted datasets, without having to decrypt the data first. As mentioned, this is something TrueNAS will handle by default, but only if the destination is also a TrueNAS system. Now [Michael] can send that backup to offsite cloud storage with just a little extra work.
There is an additional trick that [Michael] uses to monitor his saves. It operates a paid service (but with a free tier) called Cronitor. It's not very obvious from the features of the site, but there is a way to implement cron job monitoring that doesn't require adding any software. Here's how that part works: Cronitor provides a unique, personalized URL. If this URL is not visited regularly (for example, because the cron job fails), the user is notified. By integrating this into an existing cron job, one can be notified. Such an integration would look like this:
0 0 3 * * monthly job && curl --silent https://cronitor.link/p//monthly-job?state=completeIn short, if the cron job runs successfully, curl registers by visiting the custom URL. If this does not happen, the user receives a notification. No additional software, just simple use of a free service for extra peace of mind.
Backups are easy to overlook, so maybe it's time to take a few moments to think about what you're doing for data storage, including how you would recover from a disaster.
What's Your Reaction?
