I use a headless server connected to nothing but an ethernet cable in my basement, and I’d prefer to allow the thing to boot by itself and start up without me needing to unlock the disk encryption every single time I do an update or power back on. Its a Dell 9500t NUC that I’m using it as a server and am wondering whether its possible to encrypt everything still.
I do generally use docker containers, so could I potentially encrypt just the containers themselves, assuming I’m worried about a smash and grab rather than someone keeping the machine powered up and reading my ram?
This is similar to what I do.
I have a USB drive with the whole bootloader + decryption keyfiles on it. I remove it while it is running as everything is stored in RAM and already booted.
Downside being it has to be plugged in to update the boot partition during an upgrade.