Full disk encryption on the server. #103

Open
jmg1138 opened this issue May 11, 2022 · 0 comments
Labels
👨 Complexity 4 - More More complex. 🏗️ Infrastructure Infrastructure related development work. 🤨 Priority 2 - Low Priority is low. 🤫 Severity 1 - Mild Severity Level 1. Lowest severity.

Comments

jmg1138 commented May 11, 2022

Currently during alpha/development on the staging server that runs Debian Linux, system/volume disk encryption is using DigitalOcean defaults. Should additional encryption be enabled?

System disk

This might be difficult if it requires a LUKS decryption password to be entered on every boot/reboot.

Employ fscrypt to securely protect, from data-at-rest exposure, all files+data installed after an initial Linux system build?

Database data volume

The servers are currently being hosted by DigitalOcean. The database data is stored on a separate mounted volume.

How to Create an Encrypted File System on a DigitalOcean Block Storage Volume

DigitalOcean Volumes are encrypted at rest, which means that the data on a Volume is not readable outside of its storage cluster. When you attach a Volume to a Droplet, the Droplet is presented with a decrypted block storage device and all data is transmitted over isolated networks.

For additional security, you can also create a file system in a LUKS encrypted disk on your Volume. This means that the disk will need to be decrypted by the operating system on your Droplet in order to read any data.

@jmg1138 jmg1138 self-assigned this May 11, 2022
@jmg1138 jmg1138 added 👨 Complexity 4 - More More complex. 🏗️ Infrastructure Infrastructure related development work. 🤨 Priority 2 - Low Priority is low. 🤫 Severity 1 - Mild Severity Level 1. Lowest severity. labels May 11, 2022
@jmg1138 jmg1138 added this to 📥 Backlog in 🚀 Enhancements via automation May 11, 2022
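
Added example, not part of the original issue or the project's code: if a LUKS layer is put on the database data volume as the quoted DigitalOcean text describes, a check like this can confirm that a mount point really sits on a LUKS-backed dm-crypt mapping. It parses the output of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT`; the device names and mount points in the sample are constructed assumptions.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output.
# Device names and mount points are hypothetical, not taken from the issue.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "vda", "type": "disk", "fstype": null, "mountpoint": null,
   "children": [
     {"name": "vda1", "type": "part", "fstype": "ext4", "mountpoint": "/"}]},
  {"name": "sda", "type": "disk", "fstype": "crypto_LUKS", "mountpoint": null,
   "children": [
     {"name": "dbdata", "type": "crypt", "fstype": "ext4",
      "mountpoint": "/mnt/dbdata"}]},
  {"name": "sdb", "type": "disk", "fstype": "ext4", "mountpoint": "/mnt/backup"}
]}
"""

def _walk(devices, ancestors=()):
    """Yield (device, ancestors) for every node in the lsblk tree."""
    for dev in devices:
        yield dev, ancestors
        yield from _walk(dev.get("children", []), ancestors + (dev,))

def luks_status(lsblk_json, mountpoint):
    """Return 'encrypted', 'plaintext' or 'not-mounted' for a mount point."""
    tree = json.loads(lsblk_json)
    for dev, ancestors in _walk(tree["blockdevices"]):
        if dev.get("mountpoint") != mountpoint:
            continue
        chain = ancestors + (dev,)
        # A LUKS-backed filesystem has a crypto_LUKS container above it and
        # is reached through a dm-crypt mapping (lsblk type "crypt").
        has_container = any(a.get("fstype") == "crypto_LUKS" for a in ancestors)
        has_mapping = any(d.get("type") == "crypt" for d in chain)
        return "encrypted" if has_container and has_mapping else "plaintext"
    return "not-mounted"

def audit(lsblk_json, required_mounts):
    """Map each mount point to its LUKS status."""
    return {m: luks_status(lsblk_json, m) for m in required_mounts}

if __name__ == "__main__":
    for mount, status in audit(SAMPLE_LSBLK, ["/", "/mnt/dbdata", "/mnt/backup"]).items():
        print(f"{mount}: {status}")
```

On a live host, feed the function the real `lsblk` output instead of the sample and fail the deployment check when the data mount reports anything other than `encrypted`.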