This will enable you to use a memory-based one-time encryption key for your swap space.
First, you need to enable the geom_eli kernel module… to do this, add the following line to your /boot/loader.conf file:
Now, to enable the encrypted swap space, edit your /etc/rc.conf file, and add:
geli_swap_flags=”-e AES -l 128 -s 4096 -d”
And finally, add .eli to the device name in your /etc/fstab file for the line marked “swap”. For example:
# Device Mountpoint FStype Options Dump Pass#
/dev/da0s1b.eli none swap sw 0 0
Next time you reboot, your swap space will be encrypted with AES 128-bit encryption using a one-time key stored in memory.