fleet icon indicating copy to clipboard operation
fleet copied to clipboard

Published 20 hours ago verified publisher icon fleetdm

Escrow Linux disk encryption keys using LUKS

Open dherder opened this issue 8 months ago • 3 comments

Goal

User story
As a Client Platform Engineer,
I want to escrow disk encryption keys on my Linux workstations
so that my team can get access to encrypted data w/o the local password when an employee who used Linux leaves the company.

Context

  • Product designer: @noahtalerman

We want to use the LUKS disk encryption format.

Instructions from Fedora on disk encryption key escrow using LUKS is here.

Changes

Product

  • [ ] UI changes: TODO
  • [ ] CLI usage changes: TODO
  • [ ] REST API changes: TODO
  • [ ] Permissions changes: TODO
  • [ ] Outdated documentation changes: TODO
  • [ ] Changes to paid features or tiers: TODO

Engineering

  • [ ] Database schema migrations: TODO
  • [ ] Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires load testing: TODO
  • Risk level: Low / High TODO
  • Risk description: TODO

Manual testing steps

  1. Step 1
  2. Step 2
  3. Step 3

Testing notes

Confirmation

  1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

dherder avatar Jun 07 '24 15:06 dherder