Setting up an Encrypted Volume

Developers commonly use virtual private servers to build applications for their clients. Securing the data stored on your VPS can help protect against the accidental exposure of your data in case of a breach.

Linux distros such as Ubuntu can assist you in creating an encrypted volume on your VPS. Best of all, this can all be done from the command line interface (SSH).

How encrypted Volumes work

When you’re working with a low end box, creating an encrypted volume may prove to be a more versatile option than encrypting the entire disk.

Using an encrypted volume allows you to easily move your data across platforms, since an encrypted volume is essentially a large file that ends with the IMG file extension.

Before you Start

A few things should be noted before you begin creating encrypted volumes for your VPS. You should:

  • Always keep your encryption password in a safe place
  • Be aware that encryption could hurt system performance
  • Stop any services that may be using the data you want to encrypt
  • Always backup your data

Installing CryptDM on Debian

To install DM-Crypt using SSH, execute the following commands as Root:

sudo apt-get update
sudo apt-get install cryptsetup

Once completed, begin creating encrypted volumes. At first, allocate space to the volume:

sudo fallocate -l 2GB /root/folder/volume1.img

Note: This volume is not dynamic. It can’t be expanded. This command gives you just an Volume of 2 GB fixed size.

Next, encrypt the allocated space. You’ll be required to create a password:

sudo cryptsetup luksFormat /root/folder/volume1.img

Next, we must create a name for the encrypted volume. Let’s keep it simple and call it “volume1”

sudo cryptsetup luksOpen /root/folder/volume1.img volume1

We’ve allocated the space, we’ve encrypted the space, we’ve created a label for the encrypted volume. Now we must create a file system too. Its best to use XFS:

sudo mkfs.xfs -m crc=1 /dev/mapper/volume1

Now we can move Data to the encrypted Volume, we just need to mount it as any other device needs to be mounted before too. This example creates a folder, mounts the volume and syncs a complete folder into that encrypted volume

sudo mkdir -p /root/folder/volume1
sudo mount /dev/mapper/volume1 /root/folder/volume1
sudo rsync -azv --progress /root/originating/datafolder/ /root/folder/volume1