Hi
On my server I have an unencrypted boot drive which decrypts an encrypted LUKS drive with my data on it.
I am aware that a skilled thief could access the encryption keys thatbare stored on the unencrypted boot drive and am looling for a chill and safe solution.
I know about dropbear to decrypt a luks boot drive and I was wondering about using proxmox and an encrypted VM.
What do you guys think are good ideas?
Thanks
A less intrusive solution would be to just put your sensitive data in LUKS and configure services that use that data to depend on the partition being mounted. That doesn’t require modifying the normal system startup process. You’re less likely to mess up your startup process at the expense of needing to be more mindful about where you’re putting your files.