File System Encryption for Linux
Quick setup guide for File System Encryption (FSE)
File System Encryption for Linux
This is a quick setup guide for File System Encryption (FSE) using Elastx Data Security Manager.
- Log in to Elastx DSM https://hsm.elastx..cloud and enter the account you want to use.
- Create a Group and set a name. A group can contain multiple secrets but if you want to use quorum approvals you can only manage one FSE per group.
- Create an app and set a name.
- Select the default API Key and the authentication method.
- Assigning the app to the group you just created.
- Get the API Key, select the app you created, under Info > API Key, press the “VIEW API KEY DETAILS” button.
- Log in to the Linux machine where you want to encrypt data. (These instructions are made for Ubuntu 24.04)
- Install fuse.
sudo apt install libfuse2 - Download and install the FSE agent.
wget https://download.fortanix.com/clients/FSE/1.10.147/fortanix-dsm-fseagent-1.10.147.deb
sudo apt install ./fortanix-dsm-fseagent-1.10.147.deb - Create a directory where the configuration and the encrypted files will be stored and a mount point
sudo mkdir /fse /data - Configure the file system
sudo fortanix-dsm-fseagent -dsm -init /fse- Enter the DSM Endpoint: https://hsm.elastx.cloud
- Enter the Api Key: <api key>
There is no text echo, paste the key and press enter.
- Mount the filesystem
sudo fortanix-dsm-fseagent --allow_other /fse /data- Enter the Api Key: <api key>
(twice)
- Enter the Api Key: <api key>
- Install fuse.
- If you want to automatically mount the filesystem at boot do the following.
- Add the API key to file
/etc/fse-auto-mount/api_keys/1.conf - Add the mount command to file
/etc/fse-auto-mount/mount_cmd/1.conf - Reload systemd to apply the changes
sudo systemctl daemon-reload - Enable the service
sudo systemctl enable fse-auto-mount@1.service
- Add the API key to file
- Done
You can find the full documentation here.