We have a Debian X64 server which has the following config. One single 512GB SSD, which has our OS and two 2.0TB HDD's which have data like attachments, etc.
The two 2.0 TB drives are in RAID-1 configuration. For security purposes, I would like to encrypt this RAID-1 setup. The thing I don't understand is, even the encrypted drive will require a key to decrypt. These are the two problems I am having :
- How to setup an encrypted RAID-1. I found a lot of stuff for RAID with LVM.
- Where and how will the key be stored for decrypting the drive.
Here is my raid config :
mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Tue Feb 2 16:35:52 2016
Raid Level : raid1
Array Size : 1953382336 (1862.89 GiB 2000.26 GB)
Used Dev Size : 1953382336 (1862.89 GiB 2000.26 GB)
Raid Devices : 2
Total Devices : 2
Persistence : Superblock is persistent
Update Time : Thu Feb 11 10:00:37 2016
State : clean
Active Devices : 2
Working Devices : 2
Failed Devices : 0
Spare Devices : 0
Name : domain:0 (local to host domain)
UUID : e3750654:c7e1a24c:3f0a15b6:46f26d0d
Events : 22
Number Major Minor RaidDevice State
0 8 1 0 active sync /dev/sda1
1 8 17 1 active sync /dev/sdb1
Any help would be nice. Thank you.