docs: add instructions for LUKS encryption on Nomad (#550)

Explains how to enable LUKS encryption for hcloud volumes. --------- Co-authored-by: Jonas L <[email protected]>
hetznercloud · Oct 10, 2024 · 5162d8b · 5162d8b
1 parent 8191774
commit 5162d8b
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/docs/nomad/README.md b/docs/nomad/README.md
@@ -285,3 +285,19 @@ job "mariadb" {
 ```sh
 nomad job run mariadb.hcl
 ```
+
+### Volumes encryption with LUKS
+
+To add encryption with LUKS you have to provide a secret containing the encryption passphrase as part of the volume definition. The secret must be named `encryption-passphrase`. The volume will then be LUKS encrypted on first use.
+
+```hcl
+# file: db-vol.hcl
+
+secrets {
+  "encryption-passphrase" = "<your_encryption_value>"
+}
+```
+
+
+> [!NOTE]
+> Consider using HashiCorp Vault for secrets management, see https://developer.hashicorp.com/nomad/docs/job-specification/template#vault-kv-api-v2