keyscript is ignored from /etc/crypttab during boot
Hi,
I'm trying to use keyscript inside the crypttab file to get the password from a script on an Ubuntu machine for a secondary disk which is encrypted using cryptsetup.
crypttab file:
dbaas_encrypted_data_disk UUID=3dd6affe-c102-44db-99ce-734dde4c6d8f none luks,keyscript=/usr/lib/cryptsetup/scripts/getpassphrase.sh
I see in the syslogs on the machine that the crypttab option keyscript is ignored:
Encountered unknown /etc/crypttab option 'keyscript="/usr/lib/cryptsetup/scripts/getpassphrase.sh"', ignoring.
How to use cryptsetup with systemd on an Ubuntu 20 system?
The cryptsetup man page says that it's not supported. Please help me if there is any other alternative to make this a workable solution.
keyscript=<path>
The executable at the indicated path is executed with the value of the third field as only argument. The keyscript's standard output is passed
to cryptsetup as decryption key. Its exit status is currently ignored, but no assumption should be made in that regard. When used in initramfs,
the executable either needs to be self-contained (i.e. doesn't rely on any external program which is not present in the initramfs environment)
or the dependencies have to be added to the initramfs image by other means. The program is either specified by full path or relative to
/lib/cryptsetup/scripts/.
LIMITATIONS: All binaries and files on which the keyscript depends must be available at the time of execution. Special care needs to be taken
for encrypted filesystems like /usr or /var. As an example, unlocking encrypted /usr must not depend on binaries from /usr/(s)bin.
This option is specific to the Debian crypttab format. It's not supported by systemd.
WARNING: With systemd as init system, this option might be ignored. At the time this is written (December 2016), the systemd cryptsetup helper
doesn't support the keyscript option to /etc/crypttab. For the time being, the only option to use keyscripts along with systemd is to force
processing of the corresponding crypto devices in the initramfs. See the 'initramfs' option for further information.
Edited by Bharath Kumar CM
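The man page excerpt quoted above says a keyscript is only honoured under systemd when the device is processed in the initramfs (the 'initramfs' option). The following is an added example, not part of the original post or of cryptsetup: a small check that flags crypttab entries whose keyscript would be dropped. The function names, status strings and the two `example_*` entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the entry from the post plus two hypothetical variants.
sample_crypttab() {
    cat <<'EOF'
# <name> <device> <key file> <options>
dbaas_encrypted_data_disk UUID=3dd6affe-c102-44db-99ce-734dde4c6d8f none luks,keyscript=/usr/lib/cryptsetup/scripts/getpassphrase.sh
example_initramfs_disk UUID=00000000-0000-0000-0000-000000000001 none luks,initramfs,keyscript=/usr/lib/cryptsetup/scripts/getpassphrase.sh
example_plain_disk UUID=00000000-0000-0000-0000-000000000002 none luks
EOF
}

# check_crypttab [FILE]: reads crypttab text (stdin if no FILE) and prints
# "<name> <status>" per entry, where status is one of:
#   keyscript-ignored-by-systemd  keyscript= set, no 'initramfs' option
#   keyscript-in-initramfs        keyscript= set and device unlocked in initramfs
#   no-keyscript                  entry does not use a keyscript
check_crypttab() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            has_ks = 0; has_initramfs = 0
            n = split($4, opt, ",")        # fourth field: comma-separated options
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^keyscript=/) has_ks = 1
                if (opt[i] == "initramfs")  has_initramfs = 1
            }
            if (!has_ks)            status = "no-keyscript"
            else if (has_initramfs) status = "keyscript-in-initramfs"
            else                    status = "keyscript-ignored-by-systemd"
            print $1, status
        }
    ' "$@"
}

# Run against the embedded sample; on a real host: check_crypttab /etc/crypttab
sample_crypttab | check_crypttab
```

After adding the 'initramfs' option to an entry, the initramfs has to be regenerated (`update-initramfs -u`), and the keyscript's dependencies must be present inside the image, as the quoted man page text notes.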