{"id":15103558,"url":"https://github.com/sammcj/puppet-luks","last_synced_at":"2025-10-21T02:20:38.327Z","repository":{"id":49360860,"uuid":"74621320","full_name":"sammcj/puppet-luks","owner":"sammcj","description":"Puppet module for managing LUKS encrypted volumes","archived":true,"fork":false,"pushed_at":"2022-08-17T02:08:44.000Z","size":26,"stargazers_count":3,"open_issues_count":2,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-09-21T09:32:05.848Z","etag":null,"topics":["encryption","encryption-tool","luks","puppet","secret"],"latest_commit_sha":null,"homepage":null,"language":"Puppet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sammcj.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-23T23:17:28.000Z","updated_at":"2023-01-27T21:01:26.000Z","dependencies_parsed_at":"2022-09-07T08:02:00.702Z","dependency_job_id":null,"html_url":"https://github.com/sammcj/puppet-luks","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sammcj%2Fpuppet-luks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sammcj%2Fpuppet-luks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sammcj%2Fpuppet-luks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sammcj%2Fpuppet-luks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sammcj","download_url":"https://codeload.github.com/sammcj/puppet-luks/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219871850,"owners_count":16554459,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","encryption-tool","luks","puppet","secret"],"created_at":"2024-09-25T19:40:29.265Z","updated_at":"2025-09-27T02:31:31.963Z","avatar_url":"https://github.com/sammcj.png","language":"Puppet","funding_links":[],"categories":[],"sub_categories":[],"readme":"# luks\n\n## Description\n\nPuppet module for managing LUKS encrypted volumes\n\n[![Code Climate](https://codeclimate.com/github/codeclimate/codeclimate/badges/gpa.svg)](https://codeclimate.com/github/sammcj/puppet-luks)\n\n## Setup\n\n### Beginning with LUKS\n\nThis is a very basic module for configuring encrypted volumes using LUKS on Linux.\n\n## Usage\n\nThe following creates a LUKS device at `/dev/mapper/secretdata`, backed by\nthe partition at `/dev/sdb1`, encrypted with the value of `$secret_key`:\n\n```puppet\n  include ::luks\n\n  secret_key = hiera('luks_secret')\n\n  luks::device { 'secretdata':\n    device         =\u003e '/dev/sdb1',\n    key            =\u003e $secret_key,\n    remove_catalog =\u003e true,\n  }\n```\n\nThe secret key should come from somewhere encrypted such as [hiera-eyaml](https://github.com/voxpupuli/hiera-eyaml).\n\n## Reference\n\n### Parameters\n\n#### `device`\n The hardware device to back LUKS with -- any existing data will be\n lost when formatted as a LUKS device!\n\n#### `key`\n The encryption key for the LUKS device.\n\n#### `force_format`\n Instructs LuksFormat to run in 'batchmode' which esentially forces the block device\n to be formatted, use with care.\n\n#### `base64`\n Set to true if the key is base64-encoded (necessary for encryption keys\n with binary data).\n \n Defaults to false.\n\n#### `mapper`\n The name to use in `/dev/mapper` for the device.\n \n Defaults to the name to the name of the resource, i.e. `/dev/mapper/secretdata`\n \n\n## Limitations\n\n- At the time of writing this, it has been tested against CentOS 7.2\n- The key change functionality only _adds_ new keys, the original key(s) remain in other key slots. It is highly recommended\n  to monitor for key slot usage and manually remove redundant keys as required.\n- **Warning**: The secret key (encrypted with the node certificate) \n  will still be cached by Puppet in the compiled catalog - _unless_ you use a null\n  [catalog_cache_terminus](https://docs.puppet.com/puppet/latest/configuration.html#catalogcacheterminus) to prevent this happening.\n  Examples: [https://github.com/dylanratcliffe/no_cached_catalogs](https://github.com/dylanratcliffe/no_cached_catalogs) and\n  [https://github.com/ross-w/secretresource](https://github.com/ross-w/secretresource)\n\n\n## Development/Release Notes/Contributors/Etc.\n\nPlease feel free to submit issues, and merge requests or generally contribute to this module.\n\n- [Official LUKS website](https://guardianproject.info/code/luks/)\n- [Module on Puppet Forge](https://forge.puppet.com/sammcj/luks/readme)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsammcj%2Fpuppet-luks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsammcj%2Fpuppet-luks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsammcj%2Fpuppet-luks/lists"}