Diffstat (limited to 'vmdb/plugins/cryptsetup.mdwn')
-rw-r--r-- vmdb/plugins/cryptsetup.mdwn | 20
1 files changed, 16 insertions, 4 deletions
diff --git a/vmdb/plugins/cryptsetup.mdwn b/vmdb/plugins/cryptsetup.mdwn
index f438e4f..1f374d1 100644
--- a/vmdb/plugins/cryptsetup.mdwn
+++ b/vmdb/plugins/cryptsetup.mdwn
@@ -1,15 +1,27 @@
Step: cryptsetup
-----------------------------------------------------------------------------
-Use cryptsetup to set up encryption of a block device.
+Set up disk encryption using LUKS with the `cryptsetup` utility. The
+encryption passphrase is read from a file or from the output of a
+command. The encrypted disk gets opened and can be mounted using a
+separate tag for the cleartext view.
Step keys:
-* `cryptsetup` — REQUIRED; tag of block device
+* `cryptsetup` — REQUIRED; the tag for the encrypted block
+ device. This is not directly useable by users, or mountable.
-* `password` — REQUIRED; the encryption password
+* `name` — REQUIRED; the tag for the de-crypted block device.
+ This is what gets mounted and visible to users.
-* `name` — REQUIRED; name of the encrypted device when opened
+* `password` — OPTIONAL; the encryption password
+
+* `key-file` — OPTIONAL; file from where passphrase is read.
+
+* `key-cmd` — OPTIONAL; command to run, passphrase is the first
+ line of its standard output.
+
+One of `password`, `key-file`, or `key-cmd` is REQUIRED.
Example (in the .vmdb file):
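Review bot: The closing sentence "One of `password`, `key-file`, or `key-cmd` is REQUIRED" does not say what happens when more than one of them is set. Please say either "Exactly one of ..." or state which key takes precedence, so a spec that carries both an inline `password` and a `key-file` has a defined outcome. Two related gaps in the same list: `key-cmd` states that the passphrase is the first line of standard output, but `key-file` does not say whether the whole file or only its first line is used, or how a trailing newline is treated, which matters when the same passphrase is later typed at unlock time. Also, the new intro paragraph only mentions reading the passphrase from a file or a command while `password` is still documented; it would help to note on the `password` item that the passphrase then sits in the .vmdb file itself, and to point readers at `key-file` or `key-cmd` when the spec file is shared or kept in version control. Minor wording: "de-crypted" and "useable" could be "decrypted" and "usable".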