How to Automatically Mount LUKS

This tutorial assumes you sort of know what you’re doing and how to identify the device you wish to encrypt. For simplicity sake we’ll assume in this tutorial you’ve encrypted /dev/sdb1 using the handle sdb1_enc and mounting to /mnt/enc.

Add a random key

cryptsetup luksAddKey /dev/sdb1 RandomStringNeedsToBeLong

Better to create and use a long random string.

pwgen -s 64 1 > keyfile.asc
cryptsetup luksAddKey sdb1_enc ./keyfile.asc

Use the random key

Place the file keyfile.asc and use it to open a LUKS volume.

cat /root/keyfile.asc | cryptsetup luksOpen /dev/sdb1 sdb1_enc

Or from online.

curl -s https://domain.tld/keyfile.asc | cryptsetup luksOpen /dev/sdb1 sdb1_enc

Add to /etc/crypttab

sdb1_file /root/sdb1 /root/keyfile.asc luks

Add to /etc/fstab

/dev/mapper/sdb1_file /mnt/enc ext4 defaults 0 2