NBDE Key Server to hand keys to ESXi

So, I am doing a project with LUKS right now and have found myself in a tricky situation. I have a bunch of servers running Red Hat 7, encrypted with LUKS. Only a few of the servers have interfaces (monitors, keyboards, mice), and I need them all to be able to reach out to a key server and grab a key on startup without user interaction. I believe that I found a solution to this (link down below) with the Clevis Framework and Tang server. The problem is that one of the servers is running ESXi, and I need the Tang server that is handing out keys to also hand out a key to that server. Is this possible?

If there are any questions about this scenario, please reply and I will answer to the best of my ability.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Network-Bound_Disk_Encryption.html

Responses