Research & design an improved mechanism for automatically mounting encrypted disk partition on server restart

[euanmillar]

Come up with a mechanism for servers to be able to restart and mount the encrypted partition in case of a crash or intentional reboot.

Acceptance criteria:

• Server becomes functional automatically without human intervention on boot
• Decryption key cannot be stored anywhere on the server itself. Otherwise someone stealing the harddrive

Some initial ideas:

• keyserver in the same network the server can query the key from (Hashicorp Vault?)
• CI pipeline for mounting the encrypted partition. Server notifies CI on boot
  • Manual version of this currently in use in Farajaland

Dev tasks:

• Remove encryption key stored on the disk. disk_encryption_key.txt is stored here: /root/disk-encryption-key.txt.