This cookbook provides a way to format devices with LUKS via dm-crypt. Other encryption options supported by dm-crypt as well as other features will be added in time.
Requires Chef 12.5 or later as this cookbook makes use of Custom Resources.
You always need to include the main recipe:
include_recipe 'dm-crypt::default'This installs 2 packages:
cryptsetup- Utilities for interacting with dm-crypt.file- Used to determine if devices are correctly formatted.
Each device to be formatted by dm-crypt is defined by a dmcrypt_device custom resource.
Each dmcrypt_device has the following attributes:
| Attribute | Type | Description | Default |
|---|---|---|---|
| name | String | Resource name. | N/A |
| device | String | The absolute path to the device to be formatted. | N/A |
| passphrase | String | Passphrase used to encrypt the device. | N/A |
| keyfile | String | Key file used to encrypt the device. | N/A |
NOTE: You must supply either a
passphraseor akeyfilebut never both.
To encrypt an LVM partition:
dmcrypt_device 'enc_data' do
device '/dev/mapper/vg_enc-lv_data'
passphrase 'supersecretword'
endIf you would like to contribute to this cookbook please follow these steps;
- Fork the repository on Github.
- Create a named feature branch (like
add_component_x). - Write your change.
- Write tests for your change (if applicable).
- Run the tests, ensuring they all pass.
- Submit a Pull Request using Github.
License: BSD 2 Clause
Authors: