Yeah, this is something I’ve tried to resolve in the past without too much success.
When a dataset is encrypted, you can transfer it over but it will be transferred encrypted without the target server knowing how to decrypt it, at least not without a manual `zfs load-key` being run for the dataset on the target.
The reason is that during refresh we need to:
- Revert the target to the most recent snapshot
- Transfer any new snapshots
- Transfer a temporary migration snapshot for the current state of the dataset
- Get rid of the temporary snapshot
The revert isn’t possible as it needs access to encrypted data. The rest would be fine, so if all we were doing was transferring or removing snapshots, that’d be fine, but the fact that refresh also needs to sync the state of the dataset itself is what’s causing issues.
It’s possible that there’s something we can do in the event where the key for the dataset is already loaded on the target but it’s definitely pretty tricky and pretty new logic…
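
Added example, not part of the original post or of the project's code: a pre-flight check an operator could run on the target before a refresh, listing encrypted datasets whose key is not loaded and where the revert step described above would therefore fail. The pool and dataset names and the sample `zfs get` output are constructed.

```shell
#!/bin/sh
# Reads tab-separated "name<TAB>property<TAB>value" lines on stdin, as printed by:
#   zfs get -H -r -t filesystem,volume -o name,property,value \
#       encryption,keystatus <dataset>
# and prints, sorted, every dataset that is encrypted but has no key loaded.
blocked_datasets() {
    awk -F '\t' '
        $2 == "encryption" { enc[$1] = $3 }
        $2 == "keystatus"  { key[$1] = $3 }
        END {
            for (d in enc)
                # encryption=off datasets report keystatus "-" and are never blocked
                if (enc[d] != "off" && key[d] != "available")
                    print d
        }' | sort
}

# Constructed sample of what the target might report (not real output).
sample_zfs_get() {
    printf 'tank/containers/c1\tencryption\taes-256-gcm\n'
    printf 'tank/containers/c1\tkeystatus\tavailable\n'
    printf 'tank/containers/c4\tencryption\taes-256-gcm\n'
    printf 'tank/containers/c4\tkeystatus\tunavailable\n'
    printf 'tank/containers/c2\tencryption\taes-128-ccm\n'
    printf 'tank/containers/c2\tkeystatus\tunavailable\n'
    printf 'tank/containers/c3\tencryption\toff\n'
    printf 'tank/containers/c3\tkeystatus\t-\n'
}

# Returns 0 when no dataset on stdin is blocked, 1 otherwise, and names the
# datasets that would need a manual `zfs load-key` before a refresh.
refresh_preflight() {
    blocked=$(blocked_datasets)
    if [ -n "$blocked" ]; then
        echo "key not loaded on target for:" >&2
        echo "$blocked" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample: lists c2 and c4.
sample_zfs_get | blocked_datasets
```
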