Hi Justin, On Fri, 2019-03-22 at 22:36 +0000, Justin Cattle wrote: > > What I actually want to do is, produce an ISO using the fai-cd > utility, but make some of the contents of that ISO encrypted. > So, not encrypting the disks in the server, but part or all of the > ISO used to build the server.
Some years ago a colleague of mine wrote some logic for FAI where secrets could be contained within a GPG encrypted file which was unpacked during installation. Would that do the job for what you're after? I've tracked the script down (and just fixed a bug in it!), but none of the other tooling around it exists any longer (like how to make the encrypted file, or how to manage GPG keys). Cheers, Andrew -- Andrew Ruthven, Wellington, New Zealand and...@etc.gen.nz | linux.conf.au 2020, Gold Coast, AU Catalyst Cloud: | https://lca2020.linux.org.au/ https://catalystcloud.nz |
