How do you handle encrypted volumes?
Am looking at potentially deploying many Linodes instead of using (insert gorilla competitor here). (Gorilla competitor) has underlying managed disk encryption with customer-managed keys, which means I do not have to set passcodes/passwords on every encrypted volume - it just uses keys from the KMS.
How do you all handle headless, non-interactive reboots of encrypted Linodes? Tang and Clevis? luksOpen via custom systemctl service? Some sort of remote KMS? Am looking into the possibilities and I admit it's making my head spin, so I wanted to get the "official" Linode stance on this.
Any input?
Thanks!
1 Reply
Hey there -
You can absolutely encrypt the filesystem on your Linodes. I want to point you in the direction of an additional post here in the Community that addresses this and gives you some resources, which should answer your questions:
Keep in mind that there are some services that won't work on an encrypted Linode, and those are outlined in that post as well.