Setting up an Encrypted Volume
Developers commonly use virtual private servers to build applications for their clients. Securing the data stored on your VPS can help protect against the accidental exposure of your data in case of a breach.
Linux distros such as Ubuntu can assist you in creating an encrypted volume on your VPS. Best of all, this can all be done from the command line over SSH.
How Encrypted Volumes Work
When you’re working with a low end box, creating an encrypted volume may prove to be a more versatile option than encrypting the entire disk.
Using an encrypted volume allows you to easily move your data across platforms, since an encrypted volume is essentially a large file that ends with the IMG file extension.
Before You Start
A few things should be noted before you begin creating encrypted volumes for your VPS. You should:
- Always keep your encryption password in a safe place
- Be aware that encryption could hurt system performance
- Stop any services that may be using the data you want to encrypt
- Always back up your data
Installing dm-crypt on Debian
To install dm-crypt over SSH, execute the following commands as root:
sudo apt-get update
sudo apt-get install cryptsetup
Once the installation completes, you can begin creating encrypted volumes. First, allocate space to the volume:
sudo fallocate -l 2GB /root/folder/volume1.img
Note: This volume is not dynamic and can't be expanded. This command gives you a volume with a fixed size of 2 GB.
Next, encrypt the allocated space. You’ll be required to create a password:
sudo cryptsetup luksFormat /root/folder/volume1.img
Next, we must create a name for the encrypted volume. Let's keep it simple and call it "volume1":
sudo cryptsetup luksOpen /root/folder/volume1.img volume1
We've allocated the space, encrypted it, and created a label for the encrypted volume. Now we must create a file system as well. It's best to use XFS:
sudo mkfs.xfs -m crc=1 /dev/mapper/volume1
Now we can move data to the encrypted volume. Like any other device, it must be mounted first. This example creates a folder, mounts the volume, and syncs a complete folder into the encrypted volume:
sudo mkdir -p /root/folder/volume1
sudo mount /dev/mapper/volume1 /root/folder/volume1
sudo rsync -azv --progress /root/originating/datafolder/ /root/folder/volume1
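The steps above leave the volume unlocked and mounted; the data is only protected at rest once the mapping is closed again. The following helper is an added example, not part of the original tutorial: it checks that the image really carries a LUKS header before opening it, and locks the volume again when you are done. The function names and the lock/unlock arguments are hypothetical; the paths and the mapper name are the ones used above.

```shell
#!/bin/sh
# Added example: pre-check, unlock and lock helpers for the tutorial's volume.
# Run as root, e.g. "sh thisfile.sh unlock" and later "sh thisfile.sh lock".
IMG=/root/folder/volume1.img   # image file from the tutorial
NAME=volume1                   # mapper name from the tutorial
MNT=/root/folder/volume1       # mount point from the tutorial

# Return 0 if the file starts with the LUKS magic bytes "LUKS" 0xBA 0xBE.
has_luks_magic() {
    [ -r "$1" ] || return 1
    magic=$(head -c 6 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

# Print the LUKS format version (1 or 2), stored big-endian in header bytes 6-7.
luks_version() {
    has_luks_magic "$1" || return 1
    v=$(dd if="$1" bs=1 skip=6 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "${#v}" -eq 4 ] || return 1
    printf '%d\n' "0x$v"
}

# Open the container (prompts for the password) and mount it, skipping steps
# that are already done so the function can be re-run safely.
unlock_volume() {
    has_luks_magic "$IMG" || { echo "$IMG is not a LUKS container" >&2; return 1; }
    [ -e "/dev/mapper/$NAME" ] || cryptsetup luksOpen "$IMG" "$NAME" || return 1
    mkdir -p "$MNT"
    mountpoint -q "$MNT" || mount "/dev/mapper/$NAME" "$MNT"
}

# Unmount and close the mapping; succeed only if the plaintext device is gone.
lock_volume() {
    if mountpoint -q "$MNT"; then umount "$MNT" || return 1; fi
    if [ -e "/dev/mapper/$NAME" ]; then cryptsetup close "$NAME" || return 1; fi
    [ ! -e "/dev/mapper/$NAME" ]
}

case "${1:-}" in
    unlock) unlock_volume ;;
    lock)   lock_volume ;;
esac
```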