Network Based LUKS Unlock
Recently I wanted to see if I could make my public cloud-based Linux infra more secure via LUKS (Linux Unified Key Setup) disk encryption. I realise that one must fully trust one’s cloud provider, as they have access to the hardware. However it would be nice to know that data is encrypted when stored on disk. This does not mitigate against a very bad cloud provider, as ultimately if they are determined enough they can get at the data. However implementing some sort of encryption does offer some protection against reading the data if disks are reused and certainly makes the barrier much higher for access casually.