Can I install software in a VM encrypted using a key hosted in a CloudHSM?
Linode
Linode Staff
Hello,
Can we install our software (which we usually install in a Linode VM), in a VM encrypted using a key hosted in a CloudHSM? Or we must use a VM hosted in Azure? If it is possible, could you suggest some doc/article on that topic?
1 Reply
jcardillo
Linode Staff
I’m not 100% sure since I don’t have familiarity with using CloudHSM. You are free to configure your Linode servers however you need to, including installing custom distributions or encrypting your disks, for example.
Encrypting discs is great for security but there are a few caveats to keep in mind:
- To decrypt and mount the disk, you’ll need to enter the encryption passphrase in the console every time your Linode boots.
- Since this setup makes use of raw disk images, it will not be possible to reduce the disk image space at a later date, and you’ll need to manually increase the size of your filesystem should you choose to expand the raw disk size.
- You’ll also need to implement your own backup solution since the Linode Backup Service can’t mount encrypted disks.
(Note: since this would be a non-standard configuration. Troubleshooting encrypted disk configurations falls outside the scope of Linode Support.)
If it is possible, could you suggest some doc/article on that topic?
It may be because I don’t have enough familiarity with CloudHSM, but I did some digging on this, and I wasn’t able to find anything conclusive. Hopefully if anyone else in the Linode Community comes across this with more experience they might be able to provide some helpful resources.