Skip to content

Instantly share code, notes, and snippets.

@mhingston

mhingston/luks-setup.sh

Created February 19, 2018 13:33
Show Gist options
  • Save mhingston/b052caa3229dde7c758679e2b44c357b to your computer and use it in GitHub Desktop.
Save mhingston/b052caa3229dde7c758679e2b44c357b to your computer and use it in GitHub Desktop.
Download ZIP
LUKS Setup
Raw
luks-setup.sh
# replace volume-alias with your preferred alias and /mnt/encrypted with your preferred mount point
fdisk /dev/xvdb
cryptsetup luksFormat /dev/xvdb1
cryptsetup luksOpen /dev/xvdb1 volume-alias
mkfs.ext4 /dev/mapper/volume-alias
mkdir /mnt/encrypted
mount /dev/mapper/volume-alias /mnt/encrypted
umount /dev/mapper/volume-alias
cryptsetup luksClose volume-alias
# setup a key file to decrypt the volume
dd if=/dev/urandom of=/etc/volume-alias.key bs=1024 count=4
chown root /etc/volume-alias.key
chmod 600 /etc/volume-alias.key
cryptsetup luksAddKey /dev/xvdb1 /etc/volume-alias.key
# edit /etc/crypttab
volume-alias /dev/xvdb1 /etc/volume-alias.key
# edit /etc/fstab
/dev/mapper/volume-alias /mnt/encrypted ext4 defaults,noatime,nofail,x-systemd.device-timeout=1,errors=remount-ro,barrier=0 0 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment