pool.dataset.change_key

Change encryption properties for id encrypted dataset.

Changing dataset encryption to use passphrase instead of a key is not allowed if:

  1. It has encrypted roots as children which are encrypted with a key 2) If it is a root dataset where the system dataset is located

Type: object

Type: array
No Additional Items

Tuple Validation

Parameter 1: id

id

Type: string

The dataset ID (full path) to change the encryption key for.
Parameter 2: options

options

Type: object

Configuration options for changing the encryption key.

 No Additional Properties

Generate Key

Type: boolean Default: false

Generate a new random encryption key instead of using a provided key or passphrase.

Key File

Type: boolean Default: false

Whether the provided key is from a key file rather than entered directly.

Pbkdf2Iters

Type: integer Default: 350000

Number of PBKDF2 iterations for passphrase-based keys. Higher values improve security against brute force attacks but increase unlock time. Default 350,000 balances security and performance.

Value must be greater or equal to 100000

Passphrase

Default: null

Passphrase to use for encryption key derivation.

Type: string

Must be at least 1 characters long

Type: null

Key

Default: null

Raw hex-encoded encryption key.

Type: string

Must be at least 64 characters long

Must be at most 64 characters long

Type: null

Result

Type: null

Returns null on successful key change.


Required roles: DATASET_WRITE