If your requirement is for the entire system to be encrypted then I think the only is a system rebuild, but if you can convince management that a good compromise is encrypting only the applications and their data, you should be able to add encrypted storage, copy the sensitive files and wipe the old allocations. I have done this for a test system encrypting a MySQL database instance and a web server instance, in anticipation of an "encrypted at rest" directive coming down from management.
-- Thomas Kern Senior VM Systems Programmer/Linux Systems Administrator Office of the Chief Information Officer On Contract to U.S. Department of Energy O: 301-903-2211 | M: 301-905-6427 Thomas.Kern@hq.doe.gov -- A subtlety of Murphy's Law: If it can go wrong, it already has, and you just haven't realized it yet.
-----Original Message----- From: Wells, Roger K. [mailto:wellsr@leidos.com] Sent: Tuesday, December 12, 2017 9:41 AM To: CentOS mailing list centos@centos.org Subject: [CentOS] LUKS question
I have existing systems with un-encrypted disks. I have tried unsuccessfully to encrypt them using LUKS. Has anyone out there been able to encrypt an existing system (after the fact, so to speak)?
TIA