Automating startup for encrypted volumes

By default, encrypted volumes cannot start automatically when the system boots because they require the user to provide an access passphrase. However, you can automate the startup of encrypted volumes by storing the required passphrases in a file. You must save the file in the /etc/vx/encryption/ directory.

Caution:

The passphrase file is stored on the disk. Set secure file permissions to prevent unauthorized users from reading the file. You must also secure physical access to the hosts and storage on which the file is located.

The passphrase file must contain one line for each encrypted volume; each line contains the following information in three columns of text:

First column: Name of the disk group or disk group ID. Use the * wildcard character to indicate any disk group.

Second column: Name of the encrypted volume. Use the * wildcard character to indicate any volume.

Third column: Passphrase

At system startup, VxVM queries the passphrase file for encrypted volumes. If a volume is listed in the file, VxVM uses the corresponding passphrase for that volume instead of prompting the user for manual entry.

A sample passphrase file is as follows:

datadg1    datavol1   sgZ5ltvY72J
datadg1    datavol2   skghj458hcdskj
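
The caution and the three-column format above can be checked before a reboot depends on them. The following is an added example, not Veritas code: a POSIX shell function that reports weak ownership or permissions and malformed entries. The expected owner (uid 0), the rule that group and other get no access, and the placeholder file name under /etc/vx/encryption/ are assumptions.

```shell
#!/bin/sh
# Added example (not Veritas code): audit a VxVM passphrase file.
# Assumptions: expected owner is uid 0 and no group/other permission
# bits should be set; blank lines are ignored by this check.
# Usage: audit_passphrase_file /etc/vx/encryption/<passphrase-file> [uid]

audit_passphrase_file() {
    file=$1
    want_uid=${2:-0}
    findings=0

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is a symlink or not a regular file" >&2
        return 2
    fi

    # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid.
    mode=$(ls -ldn "$file" | awk '{ print $1; exit }')
    uid=$(ls -ldn "$file" | awk '{ print $3; exit }')

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid" >&2
        findings=$((findings + 1))
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s\n' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: mode $mode grants access to group or other" >&2
        findings=$((findings + 1))
    fi

    # Each entry needs disk group, volume and passphrase columns.
    # Report line numbers only so passphrases never reach logs.
    bad=$(awk 'NF > 0 && NF < 3 { printf "%s ", NR }' "$file")
    if [ -n "$bad" ]; then
        echo "FAIL: fewer than three columns on line(s): $bad" >&2
        findings=$((findings + 1))
    fi

    # Exit status 0 only when nothing was flagged.
    [ "$findings" -eq 0 ]
}
```

The function returns 0 when the file passes, 1 when any check fails, and 2 when the path is a symlink or not a regular file.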