Well, to see what would happen, I did a Hyper Backup then took a paper clip and pushed the reset button on the back of the Synology NAS for four seconds til it beeped.
Am running DMS 7.2 RC with volume encryption enabled.
When it rebooted there was a yellow light flashing and a continual error beep, which was a little scary.
I had to use Synology Assistant to find the NAS, since the static address had been changed to DHCP
Actually I had to connect the NAS directly to the MAC before I could find it. Maybe I needed to reboot the router or something.
I was able to log on with my regular administrator account since I hadn’t forgotten the password or anything.
Went to Control Panel → Hardware & Power and scrolled down to Beep Control. The reason for the current beep was “Volume crashed”. I muted it.
Here’s what I remember doing (I’m not in a hurry to do the soft reset again):
Gave the NAS its former static address. (Also had to change the subnet mask from 255.255.0.0 back to 255.255.255.0)
Deactivated the Admin account, which had become active during the reset (with a default null password)
Reset Auto Block
(See the Synology Knowledge Center article on soft resetting for all the other things that can change.)
In Storage Manager → Volume 1 → Global Settings enabled Encryption Key Vault. I had the password to the vault, but didn’t need it, since the vault had been thrown away by the reset. I had to make up a password to re-enable it. (Actually I used the same password as before.)
Then it did require that I upload the volume encryption key, which was safely downloaded to the Mac, and backed up to multiple locations.
DON’T LOOSE THAT MACHINE KEY OR YOU”RE IN BIG TROUBLE!
As far as I understand things, this is different from the encryption on individual shared folders. There you have a choice of entering a passphrase or uploading the machine key to unlock the folder. I always use the passphrase and maybe have the machine key somewhere, but maybe not.
This sloppiness Will Not Work with volume encryption. You either find that machine key or you lose the entire volume.
Someone please correct me if I’m wrong.
Of course, if you have a recent Hyper Backup you can re-create the volume from that.
I got a weird sense of satisfaction that I could push the reset button on the back and make the data on the volume “really” encrypted—to where it would not reboot into an unlocked state without me, the all-powerful user, entering a key.
A bit inconvenient, but satisfying nonetheless.
PS
After everything was up and running again, the next Time Machine backup to the NAS failed.
In Control Panel → File Services → SMB Advanced Settings, “Enable SMB durable handles” had become unchecked. After making it checked again, Time Machine worked fine.
And by the way, what do I need the Encryption Vault password for?
There’s a “Reset” button on the encryption vault. Will it ask for that password before it actually changes the volume encryption key?
I’m not going to press “Reset” because I don’t want to invalidate the current machine key, which is backed up in many places. Keeping track of valid and invalid keys could get confusing.