rc.conf: Document zfskeys

Fixes: 33ff39796f Add zfskeys rc.d script for auto-loading encryption keys MFC after: 3 days Reviewed by: allanjude Sponsored by: Modirum Sponsored by: Klara, Inc Differential Revision: https://reviews.freebsd.org/D34427
2022-03-03 20:03:09 +01:00 · 2022-03-03 20:03:09 +01:00 · 8719e8a951
commit 8719e8a951
parent 5bed7d2fa1
1 changed files with 25 additions and 1 deletions
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 30, 2021
+.Dd March 3, 2022
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@ -4641,6 +4641,30 @@ If set to
 .Dq Li YES ,
 and a boot environment marked bootonce is successfully booted,
 it will be made permanently active.
+.It Va zfskeys_enable
+.Pq Vt bool
+If set to
+.Dq Li YES ,
+enable auto-loading of encryption keys for encrypted ZFS datasets.
+For every dataset the script will first load the appropriate encryption key
+and the attempt to unlock the dataset.
+.Pp
+The script operates only on datasets which are encrypted with
+ZFS native encryption
+and have a ZFS
+.Dq Li keylocation
+dataset property beginning with
+.Dq Li file:// .
+.It Va zfskeys_datasets
+.Pq Vt str
+A whitespace-separated list of ZFS datasets to unlock.
+The list is empty by default,
+which means that the script will attempt to unlock all datasets.
+.It Va zfskeys_timeout
+.Pq Vt int
+Define the total number of seconds to wait for the zfskeys script
+to unlock an encrypted dataset.
+The default is 10.
 .El
 .Sh FILES
 .Bl -tag -width ".Pa /etc/defaults/rc.conf" -compact