The key is secure in my root partition which is encrypted because my whole disk is encrypted.
The goal of this video is to encrypt a secondary storage drive and mount it automatically on startup with no password required.
Therefore, security relies on this key being in an encrypted partition (can also be your home folder) and only root can read it.
This is why I recommend encrypting the disk where the generated key will be stored.
IF someone stole only the secondary disk (our datastore), they would get nothing.
IF someone stole ALL the disks and your key was created on an encrypted partition, they would get nothing.
IF someone stole ALL the disks and your key was NOT created on an encrypted partition, they would have everything in the disk IF they are smart.
That's why I fully encrypt all my installations (there's almost no performance cost and I've never had a problem). This will greatly benefit your Opsec while being practical.
Commands used:
https://github.com/fullopsec/LUKS-auto-mount
Twitter: https://twitter.com/fullopsec
Server operating system: Ubuntu 22.04
Music:/"Karl Casey @ White Bat Audio/"
Please take the opportunity to connect and share this video with your friends and family if you find it useful.
No Comments