Matthias Fetzer
Matthias Fetzer
Any update / news on this one?
I just stumbled upon `docker manifest inspect ` - which seems to be "experimental", but provides what we need. Is it worth to look into adding it?
You might be right about dom0. I was thinking about access logs, bash history and other things that _might_ contain sensitive info. Often a "everything is encrypted to be safe"-approach...
> As long as you can create an encrypted filesystem, you should be able to use it as a storage repository using the `file` SR type, or any more appropriate...
Thank you @olivierlambert for summarizing what needs to be done. I think encrypted storage could be added relatively easy, as I am currently doing it by hand, using cryptsetup. Encrypted...
> @fetzerms so at each boot, you need to connect to your host, unlock the SR, and "reconnect" it (since it couldn't be mounted without the passwd). Is that right?...
@DSJ2 thanks, thats a very good idea. I actually never heard about clevis and tang before.
@TylerDurden2019: Sorry for my little late response. I intended to do some proper write up, but I am currently really lacking time and/or motivation. Hence, the following steps somehow give...
I usually install cryptsetup manually from the centos base repos on XS7 and it works fine. Also: - monitoring: munin-node