LUKS, passwords and Cloud instances



  • I usually store all my password files (plaintext, of course) in LUKS encrypted partitions, with a VERY long passphrase.
    I use different endpoints (laptop, desktop, etc.), so it happens that I forget to synchronize the LUKS partition between those devices. Sometimes it's just difficult to keep them in sync because I leave one of them switched remotely and similar things, or it's just boring (for example, on my MacBook) to bring up a Linux VM just to read that password.
    So, I was thinking about creating an AWS Linux instance (or similar public cloud provider) with the only purpose of providing access to that LUKS partition, stored in the cloud. Obviously, I will only access that VM with SSH keys.
    I'm concerned about the security of a cloud instance, which will of course have unencrypted and accessible RAM (by the cloud provider, of course), leaving all my credentials potentially accessible… What do you think about it?

    @scottalanmiller I think you wrote something about LUKS security some time ago…



  • LUKS is quite good and some of the most security conscious companies in the world use it. I would not worry about LUKS at all.

    As far as AWS, it's ranked as the most secure environment right now. No environment is 100% perfect, but no one has breached shared memory on AWS and, more importantly, no one can target your environment because it's ephemeral. They can't know where it is nor where they are nor the distance in between.

    If you use LUKS on AWS, you could unencrypt, read the passwords, and encrypt again so that it is only exposed for a moment, as well.
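
The open, read, close cycle described in this post, as an added shell sketch (not code from anyone in the thread). The mapping name `pwvault`, the `DRY_RUN` switch and the image and file names are assumptions made for illustration; the real run needs root and `cryptsetup`.

```shell
#!/bin/sh
# Added example: keep a LUKS vault open only long enough to read one file.
# Assumed names: mapping "pwvault", DRY_RUN switch, image path, file name.
# DRY_RUN=1 prints the commands instead of running them (no root needed).

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

vault_close() {
    # Unmount first, then remove the mapping; "cryptsetup close" wipes the
    # volume key from kernel memory. Data already read may still sit in the
    # page cache or terminal scrollback.
    if [ -n "$MNT" ]; then
        run umount "$MNT" 2>/dev/null || true
        rmdir "$MNT" 2>/dev/null || true
    fi
    run cryptsetup close "$NAME"
}

# usage: vault_read <luks-image-or-device> <file-inside-vault>
# The body is a subshell, so the EXIT trap fires when this function ends.
vault_read() (
    IMG=$1 FILE=$2 NAME=pwvault MNT=
    # Read-only mapping: nothing can be written to the vault while open.
    run cryptsetup open --type luks --readonly "$IMG" "$NAME" || exit 1
    # From here on, always tear down, including on Ctrl-C or a dropped SSH link.
    trap vault_close EXIT
    trap 'exit 130' INT TERM HUP
    MNT=$(mktemp -d) || exit 1
    run mount -o ro,noexec,nosuid,nodev "/dev/mapper/$NAME" "$MNT" || exit 1
    run cat "$MNT/$FILE"
)

if [ $# -eq 2 ]; then
    vault_read "$@"
fi
```

If the unmount fails because something still holds the mount point, `cryptsetup close` reports the device as busy and the mapping stays open, so check its output before logging out.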



  • Yes, that's exactly what I want to do: leave the partition unencrypted (in RAM) just long enough to read the credentials and log out. Thanks for your feedback.

    I just feel that LUKS is the only technology that I trust today for credential vaulting. What do you use for password management?



  • @Francesco-Provino said in LUKS, passwords and Cloud instances:

    I just feel that LUKS is the only technology that I trust today for credential vaulting. What do you use for password management?

    For LUKS? Memory 🙂



  • So, you already use LUKS… where do you store it, locally or in a cloud-something? I'm very curious about that. I believe LUKS is not so widespread, but very good at solving problems like password storage.



  • @Francesco-Provino said in LUKS, passwords and Cloud instances:

    So, you already use LUKS… where do you store it, locally or in a cloud-something? I'm very curious about that. I believe LUKS is not so widespread, but very good at solving problems like password storage.

    I used it extensively and automated its creation for a huge hedge fund. Used for global finance data. Both local and cloud.

    For databases, not little files 🙂

    Passwords held in trust by department managers.

