From 58f066d73de0d19995154b5eb3c702319eaad45b Mon Sep 17 00:00:00 2001 From: Jochen Munz Date: Sun, 17 Dec 2023 18:10:21 +0100 Subject: [PATCH 1/2] Nomad docs: LUKS encryption Explains how to enable LUKS encryption for hcloud volumes. --- docs/nomad/README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/nomad/README.md b/docs/nomad/README.md index 0995da45..820e0016 100644 --- a/docs/nomad/README.md +++ b/docs/nomad/README.md @@ -285,3 +285,19 @@ job "mariadb" { ```sh nomad job run mariadb.hcl ``` + +### Volumes Encrypted with LUKS + +To add encryption with LUKS you have to provide a secret containing the encryption passphrase as part of the volume definition. The secret must be named `encryption-passphrase`. The volume will then be LUKS encrypted on first use. + +```hcl +# file: db-vol.hcl + +secrets { + "encryption-passphrase" = "" +} +``` + + +> [!NOTE] +> Consider using HashiCorp Vault for secrets management, see https://developer.hashicorp.com/nomad/docs/job-specification/template#vault-kv-api-v2 \ No newline at end of file From 6469ad43802c2436e2a05b21c0b088adb18c5c2f Mon Sep 17 00:00:00 2001 From: Jonas L Date: Tue, 19 Dec 2023 09:00:36 +0100 Subject: [PATCH 2/2] Update docs/nomad/README.md --- docs/nomad/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/nomad/README.md b/docs/nomad/README.md index 820e0016..71eafcd7 100644 --- a/docs/nomad/README.md +++ b/docs/nomad/README.md @@ -286,7 +286,7 @@ job "mariadb" { nomad job run mariadb.hcl ``` -### Volumes Encrypted with LUKS +### Volumes encryption with LUKS To add encryption with LUKS you have to provide a secret containing the encryption passphrase as part of the volume definition. The secret must be named `encryption-passphrase`. The volume will then be LUKS encrypted on first use.
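Review bot: In the `db-vol.hcl` example of [PATCH 1/2] the secret is shown as `"encryption-passphrase" = ""`, and a reader who copies the block verbatim ends up with an empty passphrase. Use an obviously labelled placeholder value instead, and say in the text that the passphrase sits in plain text in the volume definition file, so that file should stay out of version control. The Vault note links to the job-specification `template` documentation, while the paragraph above it says the secret is part of the volume definition. Either explain how a Vault-held value gets into `db-vol.hcl` or reword the note so it does not imply that `template` applies there. The added section also ends without a trailing newline ("No newline at end of file").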
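Review bot: The new heading in [PATCH 2/2], `### Volumes encryption with LUKS`, is ungrammatical; `### Volume encryption with LUKS` reads correctly and keeps the sentence-case style this change is after. The subject line "Update docs/nomad/README.md" does not say what changed. Something like "docs(nomad): fix heading case for LUKS section" would make the history searchable, or the change could be squashed into the first patch.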