A resource for unlocking and mounting LUKS encrypted devices.
- A Linux-based system (LUKS stands for Linux Unified Key Setup)
Map an encrypted drive. This will automatically set up the device for encryption if it's currently unused (it has no partition table and is not already a LUKS device).
Action | Description |
---|---|
:create | (default) Set up and map the named drive for encrypted use with LUKS |
Parameter | Required? | Description | Example | Default |
---|---|---|---|---|
locked_device | Yes | The existing locked device to use | '/dev/sda' | |
unlocked_device | No | The preferred basename of the unlocked device, as would be listed under /dev/mapper/ | 'sda_decrypted' | (locked_device with '/' replaced with '_') + '_unlocked' |
pass_phrase | Yes | The pass phrase to unlock the device | 'your really long secret passphrase here' | |
Include `luks_device` in your run list or recipe and use the `luks_device` resource like so:

```ruby
include_recipe 'luks_device'

luks_device '/dev/sdb' do
  # unlocked device will be available at /dev/mapper/decrypted_drive
  unlocked_name 'decrypted_drive'
  pass_phrase drive_passphrase_from_encrypted_databag
end
```
You can get the full path to the unlocked device later like this:

```ruby
mount '/mnt/decrypted' do
  device resources(luks_device: '/dev/sdb').unlocked_device
  fstype 'xfs'
  action :mount
end
```
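
Because the resource formats a drive it considers unused, it helps to see what "no partition table and not already a LUKS device" means at the byte level. The following is an added example, not the cookbook's own code: `classify_device_header`, `safe_to_format?` and `sample_headers` are hypothetical names, the sample headers are constructed, and 512-byte sectors are assumed.

```ruby
require 'stringio'

LUKS_MAGIC    = "LUKS\xBA\xBE".b # first 6 bytes of a LUKS1/LUKS2 header
MBR_SIGNATURE = "\x55\xAA".b     # bytes 510-511 of sector 0
GPT_SIGNATURE = 'EFI PART'.b     # first 8 bytes of sector 1 (512-byte sectors assumed)

# Hypothetical helper: classify a device from its first 1024 bytes.
# Returns :luks, :partitioned or :unused.
# Caveat: a filesystem written straight to the disk with no partition table
# carries neither marker checked here and is reported as :unused.
def classify_device_header(io)
  head = (io.read(1024) || ''.b).b.ljust(1024, "\0".b)
  return :luks if head.start_with?(LUKS_MAGIC)
  return :partitioned if head[510, 2] == MBR_SIGNATURE || head[512, 8] == GPT_SIGNATURE

  :unused
end

# Hypothetical guard: only a device with no LUKS header and no partition
# table should ever be handed to something that will format it.
def safe_to_format?(io)
  classify_device_header(io) == :unused
end

# Constructed sample headers (not read from any real disk).
def sample_headers
  blank = ("\0" * 1024).b
  luks = blank.dup
  luks[0, 6] = LUKS_MAGIC
  luks[6, 2] = "\x00\x02".b # big-endian version field, here LUKS2
  mbr = blank.dup
  mbr[510, 2] = MBR_SIGNATURE
  gpt = mbr.dup # GPT disks also carry a protective MBR
  gpt[512, 8] = GPT_SIGNATURE
  { blank: blank, luks: luks, mbr: mbr, gpt: gpt }
end

if __FILE__ == $PROGRAM_NAME
  sample_headers.each do |name, bytes|
    puts "#{name}: #{classify_device_header(StringIO.new(bytes))}"
  end
end
```

On a live system, pass `File.open('/dev/sdb', 'rb')` instead of a `StringIO`; `cryptsetup isLuks` answers the LUKS half of the same question.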
- Author: Nick Meharry nick@drchrono.com
Copyright 2016, drchrono Inc.
All rights reserved.