Igor Cicimov wrote:
> An example for automation with AWS using SSM and KMS services
> https://icicimov.github.io/blog/server/LUKS-with-AWS-SSM-and-KMS-in-Systemd/
> It can be modified for initramfs.

So how can we do it with initramfs and without some external key server? Imagine I have only boot unencrypted on the server. I want to boot the machine and get a prompt via SSH or something like SSH, where I can type in the password and decrypt root and all other volumes. I do not want to store a password or anything sensitive in the boot directory. I can imagine a one-time SSH created when you try to log in, but it is still not secure enough. Can you help with some thoughts on how to implement it?

Thanks