[systemd-devel] systemd-cryptsetup credentials
David White
dr.white.nz at gmail.com
Wed Jan 15 11:30:20 UTC 2025
Hi there,
Just want some help with setting credentials for systemd-cryptsetup at .service
services.
I have a crypttab file with the following:
(I set a label for this volume with a udev rule as I have to use a label)
os_crypt LABEL=os_luks none try-empty-password=1,luks,pkcs11-uri=auto
,discard
I read in the systemd-cryptsetup documentation that I should be able to
pass credential "cryptsetup.pkcs11-pin"
I couldn't figure out from the documentation how to do this.
I assume I create a drop-in for systemd-cryptsetup at os_crypt.service
and add the credential there:
LoadCredential=cryptsetup.pkcs11-pin:/path/to/unix/socket
Would that work? If not, how would I go about passing a pkcs11 pin to
cryptsetup.
I know I can manually do it like this:
PIN=4321 systemd-cryptsetup attach os-crypt /dev/sdb - pkcs11-uri=auto but
I want to use the generator with crypttab.
Thanks,
David.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20250115/47d0a10d/attachment-0001.htm>
More information about the systemd-devel
mailing list