I use a headless server connected to an ethernet cable, and I’d prefer to allow the thing to boot by itself and start up without me needing to unlock the disk encryption every single time I do an update or power back on. I’m using it as a server and am wondering whether its possible to encrypt everything still.
I do generally use docker containers, so could I potentially encrypt just the containers themselves, assuming I’m worried about a smash and grab rather than someone keeping the machine powered up and reading my ram?
https://www.golinuxcloud.com/network-bound-disk-encryption-tang-clevis/
something like clevis/tang might help but ultimately if someone has physical access to your box then they can potentially get it all anyways 🤷