143
you are viewing a single comment's thread
view the rest of the comments
[-] vegetaaaaaaa@lemmy.world 1 points 3 years ago

I’d encrypt all disks. Nevertheless, it covers my ass when they retire the server after I used it.

Good point. How do you unlock the disk at boot time? dropbear-initramfs and enter the passphrase manually every time it boots? Unencrypted /boot/ and store the decryption key in plaintext there?

[-] wgs@lemmy.sdf.org 2 points 3 years ago

I run openbsd on all my servers so I would be entering the passphrase manually at boot time. Saving the key on unencrypted /boot is basically locking your door and leaving the key on it :)

this post was submitted on 07 Jul 2023
143 points (98.0% liked)

Selfhosted

60623 readers
947 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS