I have successfully used the swap option of crypttab (# man crypttab) to encrypt the swap partition dynamically. rc.sysinit enables that swap partition successfully at the right point (after encryption). The same doesn't work for the tmp option of crypttab (# man crypttab). The encrypted partition is present after booting the system. Manually mounting it works but adding "/dev/mapper/luks-tmp" into fstab shows that the boot process tries to mount it to early (not encrypted yet). This is confusing because other encrypted volumes (not dynamically) in fstab are successfully mounted. It seems that volumes with random keys are skipped at that stage. Does someone use a tmp directory with dynamic encryption enabled? # cat /etc/centos-release CentOS release 6.8 (Final) -- LF