Search

C.3.2. Saving Passphrases

download PDF
If you use a kickstart file during installation, you can automatically save the passphrases used during installation to an encrypted file (an escrow packet) on the local file system. To use this feature, you must have an X.509 certificate available at a location that anaconda can access. To specify the URL of this certificate, add the --escrowcert parameter to any of the autopart, logvol, part or raid commands. During installation, the encryption keys for the specified devices are saved in files in /root, encrypted with the certificate.
You can save escrow packets during installation only with the use of a kickstart file — refer to Chapter 32, Kickstart Installations for more detail. You cannot save an escrow packet during an interactive installation, although you can create one on an installed system with the volume_key tool. The volume_key tool also allows you to use the information stored in an escrow packet to restore access to an encrypted volume. Refer to the volume_key manpage for more information.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.