HomeAboutMailing ListList Chatter /0/0 216.73.216.5

Encrypted (at rest) hosts

2025-10-07 by: Michael Harrison via chugalug 
From: Michael Harrison via chugalug 
------------------------------------------------------
Am building a fresh Debian 13 SQL server at Linode/Akamai, seems all drives
are now (by default) encrypted at rest... Helps with SOC2 compliance and
such fun at least.
I still consider such as "moderately" secure. But helps with that warm
fuzzy feeling. --Mike--


===============================================================
From: Dave Brockman via chugalug 
------------------------------------------------------


If you don't enter a key at boot, that encryption is worthless.

With Gratitude,

Dave Brockman
Senior Network Engineer
Gig City Cloud, LLC






===============================================================
From: Lynn Dixon via chugalug 
------------------------------------------------------
Unless you are using a Tang / Clevis setup of course :)

No key password needed on boot then.





===============================================================
From: Michael Harrison via chugalug 
------------------------------------------------------


Well, I learned things today;

https://www.ogselfhosting.com/index.php/2023/12/25/tang-clevis-for-a-luks-e=
ncrypted-debian-server/

Thanks!!