debops.cryptsetup allows you to configure encrypted filesystems on top of any given block device using dm-crypt/cryptsetup and LUKS. A random keyfile generated on the Ansible controller will be used for the encryption by default. It is your responsibility to keep the keyfile secure for this to make sense, for example by storing the keyfile on an already encrypted filesystem (both on the Ansible controller and the remote system).
- Create a random keyfile or use an already existing keyfile.
- Manage /etc/crypttab and /etc/fstab and mount point directories.
- Create a LUKS header backup and store it on the Ansible controller.
- Decrypt and mount an encrypted filesystem and delete the decryption key from persistent storage after mounting.
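One way to check the keyfile handling described above on a managed host, as an added example that is not part of the debops.cryptsetup role: it parses crypttab text and reports keyfiles that are missing, not regular files, accessible by group or others, or owned by an unexpected user. The function names, the `expected_uid` parameter and the sample entries are assumptions made for this illustration.

```python
import os
import stat
import tempfile


def parse_crypttab(text):
    """Yield (name, device, keyfile, options) for each crypttab entry."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: name and device are mandatory
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        yield fields[0], fields[1], keyfile, options


def audit_keyfiles(crypttab_text, expected_uid=0):
    """Return (name, keyfile, reason) for every keyfile that looks unsafe."""
    findings = []
    for name, _device, keyfile, _options in parse_crypttab(crypttab_text):
        if keyfile in ("none", "-") or keyfile.startswith("/dev/"):
            continue  # passphrase prompt or random-key device: no file to protect
        try:
            st = os.lstat(keyfile)  # lstat: do not follow symlinks
        except FileNotFoundError:
            findings.append((name, keyfile, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, keyfile, "not a regular file"))
            continue
        if st.st_mode & 0o077:
            findings.append((name, keyfile, "accessible by group or others"))
        if st.st_uid != expected_uid:
            findings.append((name, keyfile, "unexpected owner"))
    return findings


if __name__ == "__main__":
    # Constructed sample: one keyfile with a deliberately loose mode.
    workdir = tempfile.mkdtemp()
    key = os.path.join(workdir, "backup.key")
    with open(key, "wb") as handle:
        handle.write(os.urandom(32))
    os.chmod(key, 0o644)
    sample = f"# constructed crypttab\nbackup /dev/sdc1 {key} luks\n"
    for finding in audit_keyfiles(sample, expected_uid=os.getuid()):
        print(finding)
```

A "missing" finding is expected for mappings where the decryption key was deliberately deleted from persistent storage after mounting.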
This role requires at least Ansible v1.9.0. To install it, run:
ansible-galaxy install debops.cryptsetup
More information about debops.cryptsetup can be found in the official debops.cryptsetup documentation.
debops.secret
You may need to include missing roles from the DebOps common playbook into your playbook.
Try DebOps now for a complete solution to run your Debian-based infrastructure.
cryptsetup role was written by:
- Robin Schneider | e-mail | Twitter | GitHub
License: GPLv3
This role is part of the DebOps project. README generated by ansigenome.