CRYPTPASSWORD not accessible from inside chroot #114

New issue

Open

opened 2025-07-07 17:53:07 +02:00 by bebehei · 0 comments

bebehei commented

2025-07-07 17:53:07 +02:00

(Migrated from github.com)

It would be awesome to have the CRYPTPASSWORD parameter exposed in a file inside the chroot. So then a post-install script could modify the LUKS settings. Possible locations could be /run/lukspasswd (/run is a tmpfs so no clear text saved to disk).

Also it would be nice if the file has got no trailing new line, so that it can be automatic parameter for --key-file in the cryptsetup command.

I'm currently writing a postinstall script for one of our Hetzner servers and I need to re-configure the disks with LUKS. I use it mainly to configure one of the LUKS keyslots for NBDE with clevis+tang. It would be awesome to have the `CRYPTPASSWORD` parameter exposed in a file inside the chroot. So then a post-install script could modify the LUKS settings. Possible locations could be `/run/lukspasswd` (`/run` is a tmpfs so no clear text saved to disk). Also it would be nice if the file has got no trailing new line, so that it can be automatic parameter for `--key-file` in the `cryptsetup` command.