Creating an encrypted lvm logical volume

Tuesday, September 01 2009 @ 05:49 PM BST

Contributed by: robin

I wanted to create a secure place to store ssl keys, etc. I decided to create an lvm logical volume and encrypt it. Here's what I did:

  1. Create the logical volume (LV):
    lvcreate --size 5G --name lv_secure vg_name
  2. Encrypt the LV:
    cryptsetup luksFormat /dev/vg_a001/lv_secure
  3. Verify the LV is encrypted:
    cryptsetup isLuks /dev/vg_a001/lv_secure && echo Success
  4. Open the secure volume and create a mapped device named "secure":
    cryptsetup luksOpen /dev/vg_a001/lv_secure secure
  5. Get info about the mapped device:
    dmsetup info secure
  6. Create an ext3 file system on the mapped device:
    mke2fs -j /dev/mapper/secure
  7. Mount the mapped device:
    mkdir /mnt/secure
    mount /dev/mapper/secure /mnt/secure
  8. When you are done, unmount and close the secure device:
    umount /mnt/secure
    cryptsetup remove secure



Comments (0)