DigitalOcean

Report this

What is the reason for this report?
Question

Disk Encryption & Virtual Servers

Posted on June 1, 2014
jman6495

By jman6495

Before I start I just want to make the following quite clear :

  1. Yes, this is ridiculous
  2. Yes, I still want to do it anyway
  3. No, the data i’m storing might not need this level of encryption
  4. Yes, I have foil hats if anybody wants one.

So what do I want to do ? Well basicly I want to encrypt the Hard disk of my VPS with LUKS and decrypt on boot (like so : http://unix.stackexchange.com/questions/5017/ssh-to-decrypt-encrypted-lvm-during-headless-server-boot )

I’m not entirely sure how i’d go about this with my VPS. The problematic part is the creation of the partition that will hold the Encrypted data. I need it to be my rootfs.

I’ve come up with several vague solutions, but i haven’t the slightest idea if they’ll really work :

  1. Create an encrypted “File” that contains the rootFS and setup initrd to decrypt that file and mount it as / .

  2. run fdisk on the system and resize the disk , then move everything to the new encrypted partition apart from the /boot directory. Have no idea if this can actually work.

  3. Create an image with VirtualBox of a encrypted system, upload this to my VPS, load it into the ram and load dd into the ram, then overwrite the existing disk (this is very unlikely to work, i have no real clue).

Has anyone tried this before ? anyone have a different approach ?

Cheers :)

-jman6495



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Kamal Nasser
Kamal NasserDigitalOcean Employee badge
June 3, 2014

Unfortunately, we do not support booting from custom kernels so you can’t modify <code>initrd</code>. We also do not support partitioning currently so #2 won’t work (though that’s in the works). <br>I’m not sure about #3, you can give it a shot but I doubt it’ll work. <br>Take a look at <a href=“https://www.digitalocean.com/community/articles/how-to-use-dm-crypt-to-create-an-encrypted-volume-on-an-ubuntu-vps”>How To Use DM-Crypt to Create an Encrypted Volume on an Ubuntu VPS</a>.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2026 DigitalOcean, LLC.Sitemap.