[CentOS] LVM encryption and new volume group

Fri Mar 6 00:58:23 UTC 2015
Chris Murphy <lists at colorremedies.com>

On Thu, Mar 5, 2015 at 2:09 PM, Tim <lists at kiuni.de> wrote:
> Hello list,
>
> I bought a Thinkpad T420 and installed CentOS 7 recently.
>
> I chose to use LVM encryption for the entire volume group. It works so far.
>
> But now I am planning to install a second hard disk. My thought is to create a new volume group on this additional disk.
>
> But how can I integrate/do this according to the existing encryption so that it will be decrypted by the same passphrase I use at startup?

http://linux.die.net/man/5/crypttab

When you create a new entry in crypttab, you can use the 3rd field to
point to a file that contains the passphrase for this new LUKS volume.
In effect, one passphrase gives access to both drives.

So there's a pro and a con here. Pro is that you could actually opt for a
completely different passphrase for the 2nd drive, but never have to
directly type it in. The con is that should you forget this
passphrase, and its only location is on the primary drive that's
already encrypted and that drive dies - then anything on the 2nd drive
cannot be decrypted. Oops. So be careful of that.


-- 
Chris Murphy
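
An added example, not part of the original message: the header comments sketch the key-file setup the reply describes, and `audit_crypttab` checks that every key file named in the third crypttab field exists and is not readable by group or other. The device, mapping name and key path (`/dev/sdb1`, `data_crypt`, `/etc/keys/data.key`) are hypothetical, and the sample crypttab is constructed.

```shell
#!/bin/sh
# Added example. Typical setup for the second disk, run as root
# (/dev/sdb1, data_crypt and /etc/keys/data.key are hypothetical names):
#   dd if=/dev/urandom of=/etc/keys/data.key bs=512 count=8
#   chmod 0400 /etc/keys/data.key
#   cryptsetup luksAddKey /dev/sdb1 /etc/keys/data.key
#   echo 'data_crypt /dev/sdb1 /etc/keys/data.key luks' >> /etc/crypttab

# audit_crypttab [FILE]: check every key file named in the 3rd field.
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_crypttab() {
    tab=${1:-/etc/crypttab}
    findings=0
    # crypttab fields: <name> <device> <key file> <options>
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        case $key in ''|none|-) continue ;; esac   # passphrase typed at boot
        if [ -c "$key" ]; then continue; fi        # e.g. /dev/urandom for swap
        case $key in
            /*) ;;
            *) echo "$name: key file path '$key' is not absolute"
               findings=1; continue ;;
        esac
        if [ ! -f "$key" ]; then
            echo "$name: key file $key is missing"
            findings=1; continue
        fi
        # Characters 5-10 of the mode string are the group/other bits.
        perms=$(ls -ldL "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$name: key file $key is accessible to group or other"
            findings=1
        fi
    done < "$tab"
    return "$findings"
}

# Constructed sample so the check runs offline without touching /etc.
demo=$(mktemp -d)
( umask 077; echo secret > "$demo/good.key" )
echo secret > "$demo/loose.key"; chmod 0644 "$demo/loose.key"
cat > "$demo/crypttab" <<EOF
# name        device     key file          options
luks-root     /dev/sda2  none              luks
data_crypt    /dev/sdb1  $demo/good.key    luks
scratch       /dev/sdc1  $demo/loose.key   luks
EOF
audit_crypttab "$demo/crypttab" || echo "review the entries above"
rm -rf "$demo"
```

Adding a memorized passphrase to another key slot of the second disk as well (`cryptsetup luksAddKey` with no key file argument) covers the case the message warns about, where the only copy of the key is on a primary drive that dies.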