Skip to main content

Unlock encrypted OpenZFS datasets over a restricted SSH receiver

Project description

ZFS Unlock

PyPI Python Docs Nix Tests License

ZFS Unlock Logo

Automatically unlock your encrypted OpenZFS datasets after every reboot — without keeping the keys on the machine they protect.

Why?

OpenZFS native encryption keeps your data safe at rest, but every reboot leaves your datasets locked until the key is reloaded. The obvious way to automate that — storing the key on the storage host — quietly defeats the point: anyone who steals the host gets the data and the key to it.

zfs-unlock keeps your passphrases on a separate, trusted device — a Raspberry Pi, a spare home server, anything small — and sends them to the storage host over a locked-down SSH channel, automatically, as soon as the host is reachable. The keys never live on the machine they protect, so a stolen host is just a box of encrypted bytes.

Think of it as a hardware security key for your storage: a small device tucked away on your network that unlocks your datasets whenever your ZFS host boots — no manual step, no keys left behind.

How it works

Two machines, two roles:

  • the unlock device stores the passphrases and runs zfs-unlock unlock — once, or as a daemon that waits for the host to come online
  • the ZFS host runs a restricted receiver that can only check, unlock, or lock the datasets you explicitly allow
flowchart LR
    subgraph unlock["🔑 Unlock device — trusted"]
        pass["passphrases<br/>(stored only here)"] -.-> cli["zfs-unlock unlock"]
    end

    subgraph host["🗄️ ZFS host — encrypted data only"]
        recv["restricted receiver<br/>status · unlock · lock"] --> allow{"allowlist<br/>check"}
        allow -->|allowed| load["zfs load-key<br/>+ mount"]
    end

    cli ==>|"passphrase over restricted SSH<br/>(only when the host is reachable)"| recv

Nix is optional: the Python CLI and the SSH receiver run anywhere, and the included NixOS modules simply automate the setup when you want it.

Security model

Letting another machine unlock your storage sounds risky, so the receiver is deliberately narrow — nothing like handing out a root SSH key:

  • a dedicated zfs-unlock SSH user, never root
  • an SSH key restricted with restrict, from=..., and a forced command=...
  • sudo limited to a single root-owned receiver wrapper
  • a receiver-side allowlist of the datasets it may touch
  • a parser that accepts only status, unlock, and lock

So even if the receiver key leaks, it can't run arbitrary commands on the storage host — only those three actions, only on the datasets you allowlisted, and only from the address you allowed.

Two limits of that model are worth stating plainly:

  • A leaked receiver key is still a denial-of-service key. lock and lock --force don't need the passphrase, so a stolen key can lock your datasets or force-unmount them (disrupting whatever is using them). It can't unlock anything — unlocking always needs the passphrase, which never leaves the unlock device.
  • Passphrase secrecy in transit depends on SSH host-key verification. The passphrase travels to the host over SSH, so a machine-in-the-middle that host-key checking doesn't catch could capture it. The client runs SSH in batch mode, so it refuses an unknown or changed host key instead of trusting it blindly — but that protection only holds if you pin the real key first. Before first use, add the host key to known_hosts and verify its fingerprint out of band (zfs-unlock doctor prints the exact ssh-keyscan command when the key is missing). Don't set StrictHostKeyChecking no for this host — it disables the check and exposes the passphrase to interception.

Table of Contents

Install

Nix is optional. zfs-unlock is a Python package; install it with uv or pip on the unlock device, and on the ZFS host if you configure the receiver manually. The NixOS modules below are convenience wrappers for creating the receiver account, forced command, sudo rule, allowlist, and client service.

# With uv (recommended)
uv tool install zfs-unlock

# With pip
pip install zfs-unlock

Setup

Generate a dedicated SSH key on the off-box unlock device:

zfs-unlock keygen --identity-file ~/.ssh/zfs-unlock-receiver --comment pi4-zfs-unlock

Add the printed public key to the receiver host's authorizedKeys list below, then create ~/.config/zfs-unlock/config.yaml on the off-box unlock device:

host: zfs-host.example.lan
user: zfs-unlock
identity_file: ~/.ssh/zfs-unlock-receiver
# command_timeout: 30

# secrets: auto  # auto (default) | files | inline

datasets:
  tank/syncthing: ~/.secrets/syncthing-key
  tank/photos: my-literal-passphrase

The secrets mode controls how values are interpreted:

  • auto (default): if file exists, read from it; otherwise use as literal
  • files: always treat values as file paths
  • inline: always treat values as literal secrets

On the ZFS host, enable the forced-command receiver. The receiver is just zfs-unlock receiver --allow-file ... --zfs-path ... behind a restricted SSH forced command. With NixOS flakes, the optional module can generate that setup:

{
  inputs.zfs-unlock.url = "github:basnijholt/zfs-unlock";

  outputs = { nixpkgs, zfs-unlock, ... }: {
    nixosConfigurations.storage = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        zfs-unlock.nixosModules.receiver
        ./hosts/storage/default.nix
      ];
    };
  };
}

Then configure only the receiver policy on the ZFS host:

{
  services.zfsUnlock.receiver = {
    enable = true;
    allowedFrom = [ "192.168.1.50" ];
    authorizedKeys = [
      "ssh-ed25519 AAAA... unlock-device"
    ];
    datasets = [
      "tank/syncthing"
      "tank/photos"
    ];
  };
}

The module creates the zfs-unlock SSH user, forced command, sudo rule, receiver wrapper, login shell, and /etc/zfs-unlock/allowed-datasets. The receiver still checks each requested dataset against that allowlist. By default the module also enables systemd linger for the receiver user. That keeps the receiver user's systemd user manager stable across short-lived forced-command SSH sessions and avoids NixOS switch-time D-Bus races after the receiver account has been used. Set services.zfsUnlock.receiver.enableLinger = false if you do not want the module to manage linger for that user.

On a NixOS unlock device, include the client module and enable the daemon:

{
  imports = [
    zfs-unlock.nixosModules.client
  ];

  services.zfsUnlock.client = {
    enable = true;
    user = "alice";
    group = "users";
  };
}

The client module creates a zfs-unlock.service system service, runs the packaged zfs-unlock executable, installs that CLI into the system profile, adds OpenSSH to the service PATH, and sets HOME/XDG_CONFIG_HOME so the normal user config is found.

After rebuilding the receiver host, verify the client and receiver path:

zfs-unlock doctor

doctor also checks that the configured SSH identity file and file-backed dataset secrets are private to the local user.

Usage

# Run once
zfs-unlock unlock

# Run as daemon
# (Polls every 30s; every 1s while the host is unreachable, capped at ~5 min)
zfs-unlock unlock --daemon

# Custom interval (for the "relaxed" state)
zfs-unlock unlock --daemon --interval 60

# Dry run
zfs-unlock unlock --dry-run

# Check config, key, network, and receiver status
zfs-unlock doctor

# Show configured dataset status
zfs-unlock status

# Lock a dataset after its services have stopped using it
zfs-unlock lock -D tank/photos

# Force-unmount mounted descendants before unloading the key
zfs-unlock lock --force -D tank/photos

-D selects datasets by exact path or glob (for example -D 'tank/*'); it never matches substrings. Unlike shell globs, * also matches across /: tank/* selects every configured dataset under tank, nested children included.

zfs-unlock lock can fail with Key unload error: '<dataset>' is busy when a service still has files open on that dataset. Stop the service first, or use --force when you intentionally want to unmount the dataset and disrupt those processes. Even with --force, OpenZFS can refuse to unmount a dataset that is still held by NFS, SMB, client mounts, or kernel users. Unmount clients or stop exports first, then retry the lock.

Bare zfs-unlock shows help and does not unlock anything. Use the explicit unlock subcommand for state-changing unlock operations.

CLI

zfs-unlock --help
 Usage: zfs-unlock [OPTIONS] COMMAND [ARGS]...

 Unlock OpenZFS datasets over a restricted SSH receiver

╭─ Options ────────────────────────────────────────────────────────────────────╮
│ --version  -v        Show version and exit                                   │
│ --help     -h        Show this message and exit.                             │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Client Commands ────────────────────────────────────────────────────────────╮
│ unlock    Unlock configured datasets.                                        │
│ lock      Lock configured datasets.                                          │
│ status    Show lock status of configured datasets.                           │
│ doctor    Check client config, SSH key, host reachability, and receiver      │
│           status.                                                            │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Setup Commands ─────────────────────────────────────────────────────────────╮
│ keygen    Generate a dedicated SSH key for zfs-unlock.                       │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Receiver Commands ──────────────────────────────────────────────────────────╮
│ receiver  Run the restricted receiver.                                       │
╰──────────────────────────────────────────────────────────────────────────────╯
╭─ Service Commands ───────────────────────────────────────────────────────────╮
│ service   Manage system service                                              │
╰──────────────────────────────────────────────────────────────────────────────╯

Running as a Service

On NixOS, prefer the services.zfsUnlock.client module shown above. The portable CLI installer auto-detects Linux (systemd) or macOS (launchd) and pins the service to the zfs-unlock executable currently on PATH, so the daemon always runs the same version you installed. If zfs-unlock is not on PATH, it falls back to launching the latest release through uv.

# Install and start
zfs-unlock service install

# Check status
zfs-unlock service status

# View logs (follows by default)
zfs-unlock service logs

# Uninstall
zfs-unlock service uninstall

Development

# Clone and install
git clone https://github.com/basnijholt/zfs-unlock
cd zfs-unlock
uv sync --dev

# Run tests
uv run pytest

# Run lints
uv run ruff check .
uv run mypy zfs_unlock

Credits

zfs-unlock grew out of truenas-unlock: I used that happily on TrueNAS, then built this generic OpenZFS version after moving my storage host from TrueNAS to NixOS.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

zfs_unlock-0.7.0.tar.gz (108.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

zfs_unlock-0.7.0-py3-none-any.whl (26.8 kB view details)

Uploaded Python 3

File details

Details for the file zfs_unlock-0.7.0.tar.gz.

File metadata

  • Download URL: zfs_unlock-0.7.0.tar.gz
  • Upload date:
  • Size: 108.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for zfs_unlock-0.7.0.tar.gz
Algorithm Hash digest
SHA256 75f26143e167de4e3386f0cded00718325b860df2980e95fdf97f6d79d3b28f5
MD5 80beb56901d3adf5dba887bacbe77854
BLAKE2b-256 6c0b1cf0328bcded1eb930ae16bdad89bcd15336a7bc97cecc28c3a188e85cb1

See more details on using hashes here.

Provenance

The following attestation bundles were made for zfs_unlock-0.7.0.tar.gz:

Publisher: release.yml on basnijholt/zfs-unlock

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file zfs_unlock-0.7.0-py3-none-any.whl.

File metadata

  • Download URL: zfs_unlock-0.7.0-py3-none-any.whl
  • Upload date:
  • Size: 26.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for zfs_unlock-0.7.0-py3-none-any.whl
Algorithm Hash digest
SHA256 769b7be33a946f03cb46ab6981aa37fa38435fec1122ede8dc3fdd4ed1105252
MD5 edd5c5bf83e3ac52f89d38984211446e
BLAKE2b-256 88a73988d861cb708d0e1649f4c9844e6251d90918a2e3faebc14824e47fffdc

See more details on using hashes here.

Provenance

The following attestation bundles were made for zfs_unlock-0.7.0-py3-none-any.whl:

Publisher: release.yml on basnijholt/zfs-unlock

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page