On my laptop today I reinstalled LXD in order to match compression with what I use on my webserver.
I created the LXD ZFS dataset manually via:
sudo zfs create -o mountpoint=none -o atime=off -o xattr=sa -o compression=zstd -o encryption=on -o keylocation=file:///etc/zfs/john.key -o keyformat=passphrase rpool/lxd
So encryption = on.
To get some info on the rpool/lxd filesystem:
$ sudo zfs list -o name,compression,encryption,keylocation,copies,atime,xattr,mountpoint -r rpool/lxd
NAME COMPRESS ENCRYPTION KEYLOCATION COPIES ATIME XATTR MOUNTPOINT
rpool/lxd zstd aes-256-gcm file:///etc/zfs/john.key 1 off sa legacy
rpool/lxd/buckets zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/containers zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/containers/myforum zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/custom zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/deleted zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/deleted/buckets zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/deleted/containers zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/deleted/custom zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/deleted/images zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/deleted/virtual-machines zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/images zstd aes-256-gcm none 1 off sa legacy
rpool/lxd/virtual-machines zstd aes-256-gcm none 1 off sa legacy
My question is about the KEYLOCATION part of that output. Specifically, “none” listed for everything that LCD added under rpool/lxd.
Does “none” under KEYLOCATION there simply mean the keylocation was inherited from rpool/lxd?
Or, is LXD using something else for the encryption key of those datasets nested under rpool/lxd?