In the previous post I have explained how to encrypt and mount a volume in Linux.In this post I will explain how to mount the encrypted volume automatically at boot. By doing this it will help us to reduce the down time while the server reboots.
In this post I will mount the partition /dev/xvdb to auto mount during Linux server boot.
First let us add a entry in /etc/fstab to mount the volume and save.
Second lets add an entry in /etc/crypttab
LUKS can use up to 8 key slots to store passwords. Run the command to view the used key slots.
In the above example you can see the “Key Slot 0” is been used.
Now let us add a key to the encrypted volume.
Now view the used key slots by running the below command
In the above screenshot you can the “Key Slot 1” being used. As of now we have added two key to the encrypted volume.
Now let us create a key file which will be used to get the passphrase while booting the system. So when the server reboots the system will not halt asking for the passphrase and will get the key for the LUKS device from this key file and continue with the boot.
To create a key file execute the below command. Here my key file “
lukskey” will be available under
You can view the content in the key file by running the xdd command.
Now let us add the key file to luks device by running the command luksAddkey and enter the password used to encrypt the volume.
Ensure the entry are added to the /etc/crypttab and restart the server and check for encrypted volume by running the df -h command.
Note: To remove a key slot you can run the command
"cryptsetup luksRemoveKey /dev/xvdb”.
I believe the above steps help you to auto mount LUKS encrypted partition using fstab on Linux(Redhat/CentOS) successfully.