My Oracle Support Banner

Oracle Linux: Disk Encryption Using Network Based Key Services ( NBDE ) on Oracle Linux 8 (Doc ID 2686064.1)

Last updated on AUGUST 21, 2020

Applies to:

Linux OS - Version Oracle Linux 7.5 and later
Linux x86-64


How to create an encrypted XFS filesystem that's automatically unlocked at boot using clevis (client) and tang (server)

Based on

Note, below is an example hence all certificates, keys and device names/uuid's are fictional.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Setup Tang Server
 Setup Clevis Client
 Create an encrypted filesystem
 Add a remote key to the encrypted device
 Mount the encrypted filesystem on boot
 Optional: Remove known passphrase

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.