Fair enough. Every service I run depends on encrypted data, so starting the machine without decrypting isn’t worthwhile in my case. I have to decrypt to get everything back up after power loss anyway.
Main advantages I’m aware of for full disc encryption are encrypted swap and system config. Overkill for some use cases so YMMV, but wanting to point out that decrypting at boot can be done.
Thanks for your point of view.
All of my services are containers that have config and data folder bind mounted from an encrypted partition. After power on, a script download from a website half of the key needed to decrypt data, the other half is in the boot partition.
In this way if my server gets stolen I can delete the half key stored on the website and the data disk can’t be decrypted.
About swap, you’re right, but that doesn’t worry me at all since I don’t think that there’s anybody that would goes into that trouble just for my data. If someone is able enough and takes the trouble to read it, I guess that’s going to be the last of my problem: it would mean that I’m already in biiiiig troubles! 😆
Fair enough. Every service I run depends on encrypted data, so starting the machine without decrypting isn’t worthwhile in my case. I have to decrypt to get everything back up after power loss anyway.
Main advantages I’m aware of for full disc encryption are encrypted swap and system config. Overkill for some use cases so YMMV, but wanting to point out that decrypting at boot can be done.
Thanks for your point of view. All of my services are containers that have config and data folder bind mounted from an encrypted partition. After power on, a script download from a website half of the key needed to decrypt data, the other half is in the boot partition. In this way if my server gets stolen I can delete the half key stored on the website and the data disk can’t be decrypted. About swap, you’re right, but that doesn’t worry me at all since I don’t think that there’s anybody that would goes into that trouble just for my data. If someone is able enough and takes the trouble to read it, I guess that’s going to be the last of my problem: it would mean that I’m already in biiiiig troubles! 😆