Is it possible to configure Ignition for LUKS and passphrase?
1 Like
Yes, you can use the key_file field in your FCC (or keyFile if using Ignition directly). The former supports inline: which allows you to type in your passphrase directly in the FCC.
1 Like
Ignition’s storage.luks section doesn’t natively provide a way to encrypt a volume with a passphrase that must be typed in during boot. key_file / keyFile automatically stores the specified passphrase in the root filesystem. As a workaround, you could have the config write a systemd unit that deletes the passphrase again.