This how-to describes the necessary steps to set up a Raspberry PI 4 with a LUKS encrypted root partition, LVM and remote unlock via Dropbear SSH server in initramfs.
crypttaband kernel command line.
cryptroot-unlockas Dropbear command.
Note: because of a problem when creating the initramfs for the first time and the encrypted root partition is no yet fully set…
The Docker daemon can be configured to allow remote access over HTTP by providing a TCP socket. Encryption and authorization can (or must!) be done by using TLS and the documentation contains a full page on how to do the setup. However, the OpenSSL command line tools are quite complex and far from intuitive if you don’t use them regularly. Or as the documentation states:
Using TLS and managing a CA is an advanced topic. Please familiarize yourself with OpenSSL, x509 and TLS before using it in production.
This is where Hashicorp’s Vault can shine. In a nutshell, Vault is…