From 77449a1ab0467a6fc43211a9c19d6f60be52a737 Mon Sep 17 00:00:00 2001
From: Richard Laager <rlaager@wiktel.com>
Date: Tue, 30 Apr 2019 15:53:54 -0500
Subject: [PATCH] Clarify that deduped data is encrypted

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: Tom Caputi <tcaputi@datto.com>
Signed-off-by: Richard Laager <rlaager@wiktel.com>
Closes #8691
---
 man/man8/zfs.8 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/man/man8/zfs.8 b/man/man8/zfs.8
index 3b118ac3e..7c8e5bc2e 100644
--- a/man/man8/zfs.8
+++ b/man/man8/zfs.8
@@ -2388,7 +2388,8 @@ directory listings, FUID mappings, and
 .Sy groupused
 data.  ZFS will not encrypt metadata related to the pool structure, including
 dataset and snapshot names, dataset hierarchy, properties, file size, file
-holes, and deduplication tables.
+holes, and deduplication tables (though the deduplicated data itself is
+encrypted).
 .Pp
 Key rotation is managed by ZFS.  Changing the user's key (e.g. a passphrase)
 does not require re-encrypting the entire dataset.  Datasets can be scrubbed,
-- 
2.40.0