« Previous 1 2
Automatic data encryption and decryption with Clevis and Tang
Passing Secrets
Conclusions
Data can be decrypted in a completely automatic process using Clevis and Tang. Clevis relies on Tang, so the data decryption only works if the Tang server is available. Under no circumstances does the actual key cross the wire; instead, it is recalculated during the recovery process. Policies can be defined using the SSS algorithm so that different data encryption and decryption methods are used where necessary.
Infos
- dm-crypt: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
- LUKS: https://gitlab.com/cryptsetup/cryptsetup
- HashiCorp Vault: https://www.vaultproject.io
- Tang GitHub repository: https://github.com/latchset/tang
- Clevis GitHub repository: https://github.com/latchset/clevis
- Clevis, Tang, and PINs name concept: https://en.wikipedia.org/wiki/Clevis_fastener
- SSS algorithm: https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Rebuilding the Linux ramdisk
If your Linux system is failing to boot, the dracut tool can be a convenient way to build a new ramdisk. -
Safe Files
Encrypting your data is becoming increasingly important, but you don’t always have to use an encrypted filesystem. Sometimes just encrypting files is enough.
- New Encryption System Prevents Server Snooping
-
Password management with FreeIPA
Passwords should be safe, but easy to remember – a contradiction that can be difficult to resolve. One remedy is a password manager that stores all passwords centrally. The open source tip this month shows a different approach: FreeIPA. -
Credential management with HashiCorp Vault
Admin teams can use secret sharing to centrally manage shared access to user accounts and services. HashiCorp Vault is one of the few tools that has proven effective when it comes to implementing this solution. Here's how to use this open source tool and keep important credentials safe.