Comment on Anyone use Clevis + Tang to protect data on their home server?
statelesz@slrpnk.net 1 day ago
You could also mount an NFS share on boot where a keyfile is stored. No extra service needed.
The benefit of Tang is that you don’t store the secret on a shared server.
The server has a single keypair that it reuses for every client, and each client has their own keypair.
The encryption key can only be recovered when the client and server perform their handshake. And only the client gets the key, the server cannot see it.
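The handshake described in the reply above, sketched as an added example that is not part of the thread and is not Tang's or Clevis's own code. It assumes a toy multiplicative group modulo a prime in place of the elliptic curve Tang uses, and the names `TangServer`, `provision` and `unlock` are hypothetical.

```python
import hashlib
import secrets

# Toy group (assumption): integers modulo the prime 2**255 - 19, generator 2.
# Chosen only so the algebra is readable; not a secure parameter choice.
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def kdf(shared):
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

class TangServer:                                # hypothetical stand-in
    def __init__(self):
        self._s, self.pub = keypair()            # one keypair for every client
        self.seen = []                           # everything the server observes

    def recover(self, x):
        self.seen.append(x)
        return pow(x, self._s, P)                # y = x^s

def provision(server_pub):
    """Run once on the client when the volume is bound to the server."""
    c, C = keypair()                             # per-client keypair
    key = kdf(pow(server_pub, c, P))             # K = S^c
    return key, {"C": C, "S": server_pub}        # c and K are not stored

def unlock(meta, server):
    """Run at boot: recover K without revealing C or K to the server."""
    e, E = keypair()                             # fresh blinding keypair
    y = server.recover(meta["C"] * E % P)        # server sees only C*E
    unblind = pow(pow(meta["S"], e, P), -1, P)   # (S^e)^-1
    return kdf(y * unblind % P)                  # (C*E)^s / S^e = C^s = S^c

if __name__ == "__main__":
    server = TangServer()
    key, meta = provision(server.pub)
    assert unlock(meta, server) == key
    assert meta["C"] not in server.seen
    print("recovered key matches; server saw only blinded values")
```

The metadata kept on disk holds only public values, so the key can be rebuilt only while the server is reachable, which also means anyone holding the disk on a network that reaches the server can unlock it.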