OMV Server with ZFS+Encryption

  • Dear all,


    I am new to the forum. As this is my first post, I would like to thank the community for their hard work on OMV.


    After years of using Synology NASes (DS1817+, DS1821+, etc), I am migrating to OMV + ZFS, because I am really interested in RAIDZ3. My setup is below in the signature. I chose to use OpenMediaVault because I am familiar with Debian and I trust Debian to be around in 10 years. Also, I like OMV philosophy and web interface.


    My question is about OMV ZFS encryption. My ZFS pool was created with an encryption passphrase. After booting, I need to unlock the ZFS pool:

    Code
    sudo zpool import tank 
    sudo zfs load-key tank 
    sudo zfs mount -a 

    Problem: On OMV boot, zfs pool is automatically imported without encryption, so OMV is not aware of encryption. After unlocking the ZFS pool, I need to manually restart applications via systemctl restart (example: Docker).


    OMV is used for secondary backup, so I don't run many applications. Currently Syncthing and Borgbackup, but I may add Docker applications now and then.


    OMV is not well integrated with encryption. What do you recommend in my case?


    Kind regards,

    R2-D2

    1 x Dell R720XD PowerEdge, with Debian 13+OpenMediaVault

    2 x 1TB nvme for raid1+btrfs system

    10Gbit network (SFP+)

    11 x 10Tb SAS drives + 1 spare drive (running) in zraid3 + 3 additional spares (not running)

    2 x 800GB SSD drives (unused)

    1 x LSI SAS2308 PCI-Express Fusion-MPT SAS-2 controller card in mini-mono format

    256Go RAM

    1 x APC RT2000XL UPS with 1 x SNMP APC 9631 card
    3 x Rpi 5-CM with nvme systems


    • Official Post

    OMV is not well integrated with encryption.

    Not with zfs (yet) but the luksencryption plugin offers auto-unlock now.

    omv 8.2.6-1 synchrony | 6.17 proxmox kernel

    plugins :: omvextrasorg 8.0.2 | kvm 8.2.4 | compose 8.1.12 | cterm 8.0 | borgbackup 8.1.9 | tempmon 8.0.3 | mergerfs 8.0.1 | scripts 8.0.3 | writecache 8.1.10


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Thanks. I am quite familiar with luksencryption but the reason why I am migrating to Debian+OMV is raidz3.

    I am aware that I can use a private key for zfs encryption and load it on startup, but I prefer a passphrase key.

    My server is located in my summer house, so it is rather unsafe.


    I don't want to unlock the ZFS key automatically, but rather unlock it manually and then start other services.


    I would like to do it in a clean way, therefore I am enquiring here.


  • Hello, could you migrate this post to the RAID subforum please?


    • Official Post

    I am quite familiar with luksencryption but the reason why I am migrating to Debian+OMV is raidz3.

    I mentioned it because you said OMV is not well integrated with encryption and that is not the case. The zfs plugin doesn't support encryption yet. I am working on it.


    but rather unlock it manually and then start other services.


    I would like to do it in a clean way, therefore I am enquiring here.

    What do you mean by "clean"? The plan I had for zfs encryption in the zfs plugin is the same as the luks plugin - you enter a password/passphrase by default. You can enable auto-unlock if you want. But there is no way to have services owned by OMV or a plugin not start on boot if the plugin is enabled. You could unlock and restart the service though. If you are using docker, you can set the restart policy and the containers won't start on boot.

    Could you migrate this post to the RAID subforum please?

    Sure.


  • What do you mean by "clean"? The plan I had for zfs encryption in the zfs plugin is the same as the luks plugin - you enter a password/passphrase by default. You can enable auto-unlock if you want. But there is no way to have services owned by OMV or a plugin not start on boot if the plugin is enabled. You could unlock and restart the service though. If you are using docker, you can set the restart policy and the containers won't start on boot.

    Sure.

    Okay, understood. My Docker containers' restart policy is set to "unless-stopped". SyncThing sometimes fails and restarts this way. I will set the policy to "on-failure", which restarts only when the container fails, which is what I want. Thanks!


    I am not sure I am interested in auto-unlock. If my NAS is stolen and it auto-unlocks on startup, this might be counter-productive.

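The manual unlock sequence from the first post, followed by the service restart suggested in the official reply, as an added example that is not part of the thread or of OMV. The pool name `tank` and the `docker` unit come from the posts; the function names, the `--run` switch, the `ZFS`/`ZPOOL`/`SYSTEMCTL` override variables and the `syncthing` unit name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: unlock an encrypted pool by hand, then restart the services
# that came up at boot before the datasets were mounted. Run as root.
# Command names can be overridden (hypothetical variables, useful for dry runs).
ZFS=${ZFS:-zfs}
ZPOOL=${ZPOOL:-zpool}
SYSTEMCTL=${SYSTEMCTL:-systemctl}

# Prints "available", "unavailable", or "-" (dataset not encrypted).
key_status() {
    "$ZFS" get -H -o value keystatus "$1"
}

# True when the pool is already imported (OMV imports it at boot).
pool_imported() {
    "$ZPOOL" list -H -o name "$1" >/dev/null 2>&1
}

# unlock_and_start POOL [SERVICE...]
# Return codes: 1 import failed, 2 key not loaded, 3 mount failed,
# 4 a service restart failed. No service is touched unless the key is loaded.
unlock_and_start() {
    pool=$1
    shift
    pool_imported "$pool" || "$ZPOOL" import "$pool" || return 1

    if [ "$(key_status "$pool")" != "available" ]; then
        # With keylocation=prompt this asks for the passphrase on the terminal.
        "$ZFS" load-key "$pool" || return 2
    fi
    # Re-check instead of trusting the exit code alone.
    [ "$(key_status "$pool")" = "available" ] || return 2

    "$ZFS" mount -a || return 3

    for svc in "$@"; do
        "$SYSTEMCTL" restart "$svc" || return 4
    done
    return 0
}

# Example invocation: ./unlock.sh --run tank docker syncthing
if [ "${1:-}" = "--run" ]; then
    shift
    unlock_and_start "$@"
fi
```

Because the passphrase is only ever typed at the prompt, nothing on the system disk can unlock the pool after a theft, which is the property the original poster wants to keep.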
