LUKS by passphrase

bublikoff · December 29, 2020, 6:40pm

Is it possoble to configure ignition for LUKS and passphrase?

jlebon · January 4, 2021, 6:58pm

Yes, you can use the key_file field in your FCC (or keyFile if using Ignition directly). The former supports inline: which allows you to type in your passphrase directly in the FCC.

bgilbert · January 6, 2021, 9:33am

Ignition’s storage.luks section doesn’t natively provide a way to encrypt a volume with a passphrase that must be typed in during boot. key_file / keyFile automatically stores the specified passphrase in the root filesystem. As a workaround, you could have the config write a systemd unit that deletes the passphrase again.

Topic		Replies	Views
Ignition fails for luks encrypted root with btrfs Ask Fedora coreos	4	12277	April 22, 2024
Mouting encypted system LVM during boot with keyfile on external USB drive wrt iot/silverblue Ask Fedora lvm , encryption , luks2 , grub , iot , silverblue , atomic-desktops , initramfs	5	187	October 13, 2024
Unlocking a LUKS volume with a keyfile on an USB stick Ask Fedora fido2 , security , luks2 , usb-key	11	2754	July 14, 2024
Fedora 30 : add additional USB keyfile for root LUKS decryption Ask Fedora	6	1664	February 24, 2020
Luks keyfile not available at boot Ask Fedora luks2 , silverblue	2	228	October 7, 2024

LUKS by passphrase

Related topics