dm-crypt Cookbook
Table of Contents
Overview
This cookbook provides a way to format devices with LUKS via dm-crypt
. Other encryption options supported by dm-crypt
as well as other features will be added in time.
Requirements
Requires Chef 12.5 or later as this cookbook makes use of Custom Resources.
Usage
You always need to include the main recipe:
include_recipe 'dm-crypt::default'
This installs 2 packages:
cryptsetup
- Utilities for interacting with dm-crypt.file
- Used to determine if devices are correctly formatted.
dmcrypt_device
Each device to be formatted by dm-crypt is defined by a dmcrypt_device
custom resource.
Each dmcrypt_device
has the following attributes:
Attribute | Type | Description | Default |
---|---|---|---|
name | String | Resource name. | N/A |
device | String | The absolute path to the device to be formatted. | N/A |
passphrase | String | Passphrase used to encrypt the device. | N/A |
keyfile | String | Key file used to encrypt the device. | N/A |
NOTE: You must supply either a
passphrase
or akeyfile
but never both.
To encrypt an LVM partition:
dmcrypt_device 'enc_data' do
device '/dev/mapper/vg_enc-lv_data'
passphrase 'supersecretword'
end
Contributing
If you would like to contribute to this cookbook please follow these steps;
- Fork the repository on Github.
- Create a named feature branch (like
add_component_x
). - Write your change.
- Write tests for your change (if applicable).
- Run the tests, ensuring they all pass.
- Submit a Pull Request using Github.
License and Authors
License: BSD 2 Clause
Authors: