Table Of Contents
- JSON-RPC 2.0 over WebSocket API
- API Methods
- acme.dns.authenticator
- alert
- alertclasses
- alertservice
- api_key
- app
- app.available
- app.available_space
- app.categories
- app.certificate_choices
- app.config
- app.container_console_choices
- app.container_ids
- app.convert_to_custom
- app.create
- app.delete
- app.get_instance
- app.gpu_choices
- app.ip_choices
- app.latest
- app.outdated_docker_images
- app.pull_images
- app.query
- app.redeploy
- app.rollback
- app.rollback_versions
- app.similar
- app.start
- app.stop
- app.update
- app.upgrade
- app.upgrade_summary
- app.used_ports
- app.image
- app.ix_volume
- app.registry
- audit
- auth
- auth.twofactor
- boot
- boot.environment
- catalog
- certificate
- cloud_backup
- cloudsync
- cloudsync.credentials
- config
- core
- cronjob
- device
- directoryservices
- disk
- dns
- docker
- docker.network
- enclosure.label
- failover.disabled
- failover.reboot
- filesystem
- filesystem.acltemplate
- ftp
- group
- idmap
- initshutdownscript
- interface
- interface.bridge_members_choices
- interface.cancel_rollback
- interface.checkin
- interface.checkin_waiting
- interface.choices
- interface.commit
- interface.create
- interface.default_route_will_be_removed
- interface.delete
- interface.get_instance
- interface.has_pending_changes
- interface.ip_in_use
- interface.lacpdu_rate_choices
- interface.lag_ports_choices
- interface.query
- interface.rollback
- interface.save_default_route
- interface.services_restarted_on_sync
- interface.update
- interface.vlan_parent_interface_choices
- interface.websocket_interface
- interface.websocket_local_ip
- interface.xmit_hash_policy_choices
- ipmi
- ipmi.chassis
- ipmi.lan
- ipmi.sel
- iscsi.auth
- iscsi.extent
- iscsi.global
- iscsi.initiator
- iscsi.portal
- iscsi.target
- iscsi.targetextent
- jbof
- k8s_to_docker
- kerberos
- kerberos.keytab
- kerberos.realm
- keychaincredential
- keychaincredential.create
- keychaincredential.delete
- keychaincredential.generate_ssh_key_pair
- keychaincredential.get_instance
- keychaincredential.query
- keychaincredential.remote_ssh_host_key_scan
- keychaincredential.remote_ssh_semiautomatic_setup
- keychaincredential.setup_ssh_connection
- keychaincredential.update
- keychaincredential.used_by
- kmip
- network.configuration
- network.general
- nfs
- nvmet.global
- nvmet.host
- nvmet.host_subsys
- nvmet.namespace
- nvmet.port
- nvmet.port_subsys
- nvmet.subsys
- pool
- pool.attach
- pool.attachments
- pool.create
- pool.ddt_prefetch
- pool.ddt_prune
- pool.detach
- pool.expand
- pool.export
- pool.filesystem_choices
- pool.get_disks
- pool.get_instance
- pool.import_find
- pool.import_pool
- pool.is_upgraded
- pool.offline
- pool.online
- pool.processes
- pool.query
- pool.remove
- pool.replace
- pool.scrub
- pool.update
- pool.upgrade
- pool.validate_name
- pool.dataset
- pool.dataset.attachments
- pool.dataset.change_key
- pool.dataset.checksum_choices
- pool.dataset.compression_choices
- pool.dataset.create
- pool.dataset.delete
- pool.dataset.destroy_snapshots
- pool.dataset.details
- pool.dataset.encryption_algorithm_choices
- pool.dataset.encryption_summary
- pool.dataset.export_key
- pool.dataset.export_keys
- pool.dataset.export_keys_for_replication
- pool.dataset.get_instance
- pool.dataset.get_quota
- pool.dataset.inherit_parent_encryption_properties
- pool.dataset.lock
- pool.dataset.processes
- pool.dataset.promote
- pool.dataset.query
- pool.dataset.recommended_zvol_blocksize
- pool.dataset.recordsize_choices
- pool.dataset.rename
- pool.dataset.set_quota
- pool.dataset.snapshot_count
- pool.dataset.unlock
- pool.dataset.update
- pool.resilver
- pool.scrub
- pool.snapshot
- pool.snapshottask
- pool.snapshottask.create
- pool.snapshottask.delete
- pool.snapshottask.delete_will_change_retention_for
- pool.snapshottask.get_instance
- pool.snapshottask.max_count
- pool.snapshottask.max_total_count
- pool.snapshottask.query
- pool.snapshottask.run
- pool.snapshottask.update
- pool.snapshottask.update_will_change_retention_for
- privilege
- replication
- replication.count_eligible_manual_snapshots
- replication.create
- replication.create_dataset
- replication.delete
- replication.get_instance
- replication.list_datasets
- replication.list_naming_schemas
- replication.query
- replication.restore
- replication.run
- replication.run_onetime
- replication.target_unmatched_snapshots
- replication.update
- replication.config
- reporting
- reporting.exporters
- route
- rsynctask
- service
- sharing.nfs
- sharing.smb
- smb
- snmp
- ssh
- staticroute
- support
- system
- system.advanced
- system.advanced.config
- system.advanced.get_gpu_pci_choices
- system.advanced.login_banner
- system.advanced.sed_global_password
- system.advanced.sed_global_password_is_set
- system.advanced.serial_port_choices
- system.advanced.syslog_certificate_authority_choices
- system.advanced.syslog_certificate_choices
- system.advanced.update
- system.advanced.update_gpu_pci_ids
- system.general
- system.general.checkin
- system.general.checkin_waiting
- system.general.config
- system.general.country_choices
- system.general.kbdmap_choices
- system.general.local_url
- system.general.timezone_choices
- system.general.ui_address_choices
- system.general.ui_certificate_choices
- system.general.ui_httpsprotocols_choices
- system.general.ui_restart
- system.general.ui_v6address_choices
- system.general.update
- system.global
- system.ntpserver
- system.reboot
- system.security
- system.security.info
- systemdataset
- tn_connect
- truecommand
- truenas
- tunable
- update
- ups
- user
- virt.device
- virt.global
- virt.instance
- virt.instance.create
- virt.instance.delete
- virt.instance.device_add
- virt.instance.device_delete
- virt.instance.device_list
- virt.instance.device_update
- virt.instance.get_instance
- virt.instance.image_choices
- virt.instance.query
- virt.instance.restart
- virt.instance.set_bootable_disk
- virt.instance.start
- virt.instance.stop
- virt.instance.update
- virt.volume
- vmware
- API Events
- acme.dns.authenticator
- alert
- alertservice
- api_key
- app
- app.image
- app.registry
- certificate
- cloud_backup
- cloudsync
- cloudsync.credentials
- core
- cronjob
- docker.network
- filesystem.acltemplate
- group
- initshutdownscript
- interface
- iscsi.auth
- iscsi.extent
- iscsi.initiator
- iscsi.portal
- iscsi.target
- iscsi.targetextent
- jbof
- kerberos.keytab
- kerberos.realm
- keychaincredential
- nvmet.host
- nvmet.host_subsys
- nvmet.namespace
- nvmet.port
- nvmet.port_subsys
- nvmet.subsys
- pool
- pool.dataset
- pool.scrub
- pool.snapshot
- pool.snapshottask
- privilege
- replication
- reporting.exporters
- rsynctask
- service
- sharing.nfs
- staticroute
- system.ntpserver
- tunable
- user
- virt.instance
- virt.volume
- vmware
- Jobs
- Query Methods
Previous topic
Next topic
pool.dataset.unlock¶
Unlock dataset id (and its children if unlock_options.recursive is true).
If id dataset is not encrypted an exception will be raised. There is one exception: when id is a root dataset and unlock_options.recursive is specified, encryption validation will not be performed for id. This allow unlocking encrypted children for the entire pool id.
There are two ways to supply the key(s)/passphrase(s) for unlocking a dataset:
Upload a json file which contains encrypted dataset keys (it will be read from the input pipe if unlock_options.key_file is true). The format is the one that is used for exporting encrypted dataset keys (pool.export_keys).
Specify a key or a passphrase for each unlocked dataset using unlock_options.datasets.
No Additional Items
Tuple Validation
Parameter 1: id
id
Type: stringParameter 2: options
options
Type: objectNo Additional Properties
Force
Type: boolean Default: falseIn some cases it's possible that the provided key/passphrase is valid but the path where the dataset is supposed
to be mounted after being unlocked already exists and is not empty. In this case, unlock operation would fail. This
can be overridden by setting datasets.X.force boolean flag or by setting force flag. When any of these flags
are set, system will rename the existing directory/file path where the dataset should be mounted resulting in
successful unlock of the dataset.
Key File
Type: boolean Default: falseRecursive
Type: boolean Default: falseToggle Attachments
Type: boolean Default: trueWhether attachments should be put in action after unlocking the dataset(s). Toggling attachments can
theoretically lead to service interruption when daemons configurations are reloaded (this should not happen, and if
this happens it should be considered a bug). As TrueNAS does not have a state for resources that should be unlocked
but are still locked, disabling this option will put the system into an inconsistent state so it should really
never be disabled.
Datasets
Type: array of object Default: []No Additional Items
Each item of this array must be:
PoolDatasetUnlockOptionsDataset
Type: objectNo Additional Properties
Force
Type: boolean Default: falseName
Type: stringMust be at least 1 characters long
Key
Type: stringMust be at least 64 characters long
Must be at most 64 characters long
Passphrase
Type: stringMust be at least 1 characters long
Recursive
Type: boolean Default: falseApply the key or passphrase to all encrypted children.
PoolDatasetUnlock
Type: objectNo Additional Properties
Unlocked
Type: array of stringNo Additional Items
Each item of this array must be:
Failed
Type: objectRequired roles: DATASET_WRITE