- Create the key file (
/root/.keyfile-1), actually, you may choose any place
dd if=/dev/urandom of=/root/keyfile bs=1024 count=4 - PERMISSIONS:
chmod 0400 /root/.keyfile-1 - Add key:
cryptsetup -v luksAddKey /dev/<DISK> /root/.keyfile-1 - Update
/etc/crypttab. You can grab disk UUIDs viablkid
Sample:
backups UUID=<UUID> /root/.backups-keyfile luks
data UUID=<UUID> /root/.data-keyfile luks,discard
- Update
/etc/fstab
#Data
/dev/mapper/data /run/media/valery/data xfs defaults 0 0
#Backups
/dev/mapper/backups /run/media/valery/backups xfs defaults 0 0