diff options
| author | наб <[email protected]> | 2021-05-13 06:21:35 +0200 |
|---|---|---|
| committer | GitHub <[email protected]> | 2021-05-12 21:21:35 -0700 |
| commit | 37086897b06a070d957226dbf860b4673906dc70 (patch) | |
| tree | a430c4472b001d899eeee5bded50017d5d796300 /man | |
| parent | 7d07d1be39f4bc36930e304e36e95b712e379a5e (diff) | |
libzfs: add keylocation=https://, backed by fetch(3) or libcurl
Add support for http and https to the keylocation properly to
allow encryption keys to be fetched from the specified URL.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Ryan Moeller <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Issue #9543
Closes #9947
Closes #11956
Diffstat (limited to 'man')
| -rw-r--r-- | man/man8/zfsprops.8 | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/man/man8/zfsprops.8 b/man/man8/zfsprops.8 index 9ae77e7bf..242a8817e 100644 --- a/man/man8/zfsprops.8 +++ b/man/man8/zfsprops.8 @@ -1085,7 +1085,7 @@ encryption suite cannot be changed after dataset creation, the keyformat can be with .Nm zfs Cm change-key . .It Xo -.Sy keylocation Ns = Ns Sy prompt Ns | Ns Sy file:// Ns Em </absolute/file/path> +.Sy keylocation Ns = Ns Sy prompt Ns | Ns Sy file:// Ns Em </absolute/file/path> Ns | Ns Sy https:// Ns Em <address> | Ns Sy http:// Ns Em <address> .Xc Controls where the user's encryption key will be loaded from by default for commands such as @@ -1109,7 +1109,22 @@ to access the encrypted data (see for details). This setting will also allow the key to be passed in via STDIN, but users should be careful not to place keys which should be kept secret on the command line. If a file URI is selected, the key will be loaded from the -specified absolute file path. +specified absolute file path. If an HTTPS or HTTP URL is selected, +it will be GETted using +.Xr fetch 3 , +libcurl, or nothing, depending on compile-time configuration and run-time +availability. The +.Ev SSL_CA_CERT_FILE +environment variable can be set to set the location +of the concatenated certificate store. The +.Ev SSL_CA_CERT_PATH +environment variable can be set to override the location +of the directory containing the certificate authority bundle. The +.Ev SSL_CLIENT_CERT_FILE +and +.Ev SSL_CLIENT_KEY_FILE +environment variables can be set to configure the path +to the client certificate and its key. .It Sy pbkdf2iters Ns = Ns Ar iterations Controls the number of PBKDF2 iterations that a .Sy passphrase |