Comment on [deleted]
utjebe@reddthat.com 4 weeks ago
I was sorting something similar some time ago with www.dwarmstrong.org/remote-unlock-dropbear/
Also there is github.com/latchset/tang and github.com/latchset/clevis
Then I changed it so my server boots and offers basic functionality like DNS and any encrypted data would wait until I unlock it. When I fiddle with it, it could be annoying, but otherwise it works very well considering I need to unlock it just a few times a year.
dont@lemmy.world 4 weeks ago
The annoyance grows with the number of hosts ;-) I still want to feel in control, which is why I’m hesitant to implement unattended decryption like with tang/clevis.
But I’m interested in the idea of not messing with the initrd-image, boot into a running system and then wait for decryption of a data-partition. Isn’t it a hassle to manually override all the relevant service declarations etc. to wait for the mount? Or how do you do that?
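As an added example (not posted by either commenter), this is one way to do what the reply above describes with plain systemd dependencies instead of per-service hand edits: the root filesystem and DNS come up unattended, the encrypted data partition is marked `noauto` so boot does not block on it, and any service that needs the data gets a single drop-in with `RequiresMountsFor=`, which makes systemd add the `Requires=`/`After=` on the mount unit for you. The device UUID, the `/srv/data` mount point and the `nextcloud.service` name are placeholders chosen for the illustration.

```ini
# /etc/crypttab  (constructed example)
# "noauto": not opened at boot, so the unattended boot never waits for a passphrase.
data  UUID=00000000-0000-0000-0000-000000000000  none  luks,noauto

# /etc/fstab  (constructed example)
# "noauto,nofail": systemd still generates srv-data.mount, but local-fs.target
# does not pull it in and boot does not fail when it is absent.
/dev/mapper/data  /srv/data  ext4  noauto,nofail  0  2

# /etc/systemd/system/nextcloud.service.d/wait-for-data.conf  (constructed example)
# One drop-in per data-dependent service; no edit of the packaged unit file.
# RequiresMountsFor= implies Requires=srv-data.mount and After=srv-data.mount,
# so the service is not started (or is started only) once /srv/data is mounted.
[Unit]
RequiresMountsFor=/srv/data

# /etc/systemd/system/data.target  (constructed example)
# Optional convenience target: "systemctl start data.target" after unlocking
# starts every service that was enabled into it.
[Unit]
Description=Services that need the unlocked data partition
RequiresMountsFor=/srv/data

[Install]
WantedBy=multi-user.target
```

After a reboot the host answers DNS immediately, while `nextcloud.service` stays inactive because its mount dependency is unmet. To unlock over SSH, run `systemctl start systemd-cryptsetup@data.service` (systemctl prompts for the passphrase on the terminal), then `systemctl start srv-data.mount` and `systemctl start nextcloud.service` (or the target). Nothing in the initrd is touched, and adding another data-dependent service means adding one two-line drop-in rather than rewriting its unit.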