How do you handle encrypted volumes?

Am looking at potentially deploying many Linodes instead of using (insert gorilla competitor here). (Gorilla competitor) has underlying managed disk encryption with customer-managed keys which means I do not have to set passcodes/passwords on every encrypted volume - it just uses keys from the KMS.

How do you all handle headless, non-interactive reboots of encrypted Linodes? Tang and Clevis? LuksOpen via custom systemctl service? Some sort of remote KMS? Am looking into the possibilities and I admit it's making my head spin, so I wanted to get the "official" Linode stance on this.

Any input?

Thanks!

1 Reply

Hey there -

You can absolutely encrypt the filesystem on your Linodes. I want to point you in the direction of an additional post here in the Community that addresses this and gives you some resources, which should answer your questions:

How do I Encrypt my Linode?

Keep in mind that there are some services that won't work on an encrypted Linode, and those are outlined in that post as well.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct