Remote Unlock of Encrypted Datasets in TrueNAS SCALE

Hi all.

Hi, I am new to TrueNAS. I would like to migrate, but I am really unsure if it fits my security profile.

I always use an mdadm RAID5 that is unlocked automatically when decrypting a LUKS-encrypted Debian server.

Meaning the data is only unlocked and available when the encrypted server is turned on.

I’m looking to upgrade to new, much larger disks, and to use ZFS pools partly for the encrypted dataset, and partly for many normal datasets for dockers etc. Meaning I would like to have a TrueNAS for storage + VM servers and LXCs all on a Proxmox environment.

I’ve been exploring whether encrypted datasets in TrueNAS SCALE can be unlocked remotely in a “no-trust NAS / full-trust workload / server” architecture, and I’m trying to confirm whether what I observed is by design or a limitation that could be revisited.

I made this post

The question.

Would it help to install the app “Restic REST Server” on TrueNAS 25.10.1 - Goldeye?

Would this API allow remote unlock of a dataset?

Can anyone confirm or rule out the possibility?

Hi!

If we zoom out a bit, I must say that the general question that you are asking is not something that has anything to do with restic or REST-server.

To answer the specific question about whether REST-server can somehow help you unlock your NAS’ encryption upon use, no. It doesn’t have anything that is relevant for such a need. All REST-server does is act as an HTTP endpoint for restic and its backup repositories.

The following may be unrelated to your TrueNAS questions, but I mention it anyway, in case you are interested in using restic for your backup needs:

  • Restic backups are fully encrypted, and restic is designed around the assumption that the storage where your backups reside is fully untrusted.

  • What this means to you in practice is that when you use restic for backing up your data, you don’t need the storage (e.g. your NAS) to be encrypted, as restic does the encryption on the client side (before sending the encrypted data to the backup storage).

2 Likes

Thanks for a very clear answer.

I guess we can close the topic.

1 Like