Proof that Full-Volume Encryption is really there

Well, to see what would happen, I did a Hyper Backup then took a paper clip and pushed the reset button on the back of the Synology NAS for four seconds til it beeped.

Am running DMS 7.2 RC with volume encryption enabled.

When it rebooted there was a yellow light flashing and a continual error beep, which was a little scary.

I had to use Synology Assistant to find the NAS, since the static address had been changed to DHCP

Actually I had to connect the NAS directly to the MAC before I could find it. Maybe I needed to reboot the router or something.

I was able to log on with my regular administrator account since I hadn’t forgotten the password or anything.

Went to Control Panel → Hardware & Power and scrolled down to Beep Control. The reason for the current beep was “Volume crashed”. I muted it.

Here’s what I remember doing (I’m not in a hurry to do the soft reset again):

Gave the NAS its former static address. (Also had to change the subnet mask from back to

Deactivated the Admin account, which had become active during the reset (with a default null password)

Reset Auto Block

(See the Synology Knowledge Center article on soft resetting for all the other things that can change.)

In Storage Manager → Volume 1 → Global Settings enabled Encryption Key Vault. I had the password to the vault, but didn’t need it, since the vault had been thrown away by the reset. I had to make up a password to re-enable it. (Actually I used the same password as before.)

Then it did require that I upload the volume encryption key, which was safely downloaded to the Mac, and backed up to multiple locations.


As far as I understand things, this is different from the encryption on individual shared folders. There you have a choice of entering a passphrase or uploading the machine key to unlock the folder. I always use the passphrase and maybe have the machine key somewhere, but maybe not.

This sloppiness Will Not Work with volume encryption. You either find that machine key or you lose the entire volume.

Someone please correct me if I’m wrong.

Of course, if you have a recent Hyper Backup you can re-create the volume from that.

I got a weird sense of satisfaction that I could push the reset button on the back and make the data on the volume “really” encrypted—to where it would not reboot into an unlocked state without me, the all-powerful user, entering a key.

A bit inconvenient, but satisfying nonetheless.


After everything was up and running again, the next Time Machine backup to the NAS failed.

In Control Panel → File Services → SMB Advanced Settings, “Enable SMB durable handles” had become unchecked. After making it checked again, Time Machine worked fine.

And by the way, what do I need the Encryption Vault password for?

There’s a “Reset” button on the encryption vault. Will it ask for that password before it actually changes the volume encryption key?

I’m not going to press “Reset” because I don’t want to invalidate the current machine key, which is backed up in many places. Keeping track of valid and invalid keys could get confusing.

Yes you are correct! Since the update to RC keys are being flushed as you would expect!

I have been trying to figure that out myself! I have yet to actually enter it, except when I am adding keys into the volume!