winrid 8 days ago

Their installer script supports LUKS.

Set up dropbear, and have another encrypted instance that runs a cron that runs a script every minute to check for the dropbear port on all instances and sshes in and passes the key to boot.

This is what I do for fastcomments anyway for OVH and Hetzner.
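The cron-driven unlock described in the comment above, as an added example that is not part of the thread or the commenter's own script. It assumes a Debian-style dropbear-initramfs where `cryptroot-unlock` reads the passphrase on stdin, initramfs SSH on port 2222, and hypothetical file paths under `/root/unlock`.

```shell
#!/bin/sh
# Added example: unlock watcher run from cron on the separate encrypted host.
# Assumptions (not from the thread): `cryptroot-unlock` in the initramfs,
# dropbear on port 2222, and every path below.
DROPBEAR_PORT="${DROPBEAR_PORT:-2222}"
KEY_FILE="${KEY_FILE:-/root/unlock/luks.key}"           # LUKS passphrase, mode 600
SSH_ID="${SSH_ID:-/root/unlock/id_ed25519}"             # key accepted only by the initramfs
KNOWN_HOSTS="${KNOWN_HOSTS:-/root/unlock/known_hosts}"  # pinned initramfs host keys
HOSTS_FILE="${HOSTS_FILE:-/root/unlock/hosts}"          # one hostname per line

# True when the initramfs SSH port answers, i.e. the host is waiting for its key.
waiting_for_key() {
    nc -z -w 3 "$1" "$DROPBEAR_PORT" </dev/null >/dev/null 2>&1
}

# Send the passphrase on stdin so it never appears in argv or the process list.
# StrictHostKeyChecking=yes with a dedicated known_hosts file makes ssh refuse
# any host whose initramfs key is not pinned, so the key is not handed to an impostor.
send_key() {
    ssh -p "$DROPBEAR_PORT" -i "$SSH_ID" \
        -o BatchMode=yes -o ConnectTimeout=5 \
        -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN_HOSTS" \
        "root@$1" cryptroot-unlock < "$KEY_FILE" >/dev/null 2>&1
}

# Read hostnames on stdin; print the name of each host that accepted the key.
unlock_waiting_hosts() {
    while read -r host; do
        case "$host" in ''|\#*) continue ;; esac   # skip blanks and comments
        waiting_for_key "$host" || continue         # booted or down: nothing to do
        if send_key "$host"; then
            echo "$host"
        else
            logger -t luks-unlock "unlock failed for $host" 2>/dev/null || true
        fi
    done
}

# Entry point for cron; does nothing if the host list is missing.
if [ -r "$HOSTS_FILE" ]; then
    unlock_waiting_hosts < "$HOSTS_FILE"
fi
```

The initramfs dropbear normally presents a different host key from the booted system's sshd, which is why the pinned keys live in their own `known_hosts` file.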

ralala 8 days ago

What is the threat model you want to mitigate using encryption at rest? Is it that a physical disk is not properly wiped after usage? Then you could just use LUKS and store the key anywhere else, e.g. another machine or an external volume…

adamcharnock 8 days ago

To answer from a Kubernetes perspective: Both OpenEBS Mayastor and LocalZFS now support disk encryption.

bflesch 8 days ago

Encrypted disks are easily set up with Arch Linux + LUKS + tinySSH, you can remote unlock via SSH.