pyluks is a Python package for storage encryption through LUKS, wrapping the functionality provided by the cryptsetup command line tool.
The pyluks package is structured in three subpackages:
- fastluks contains the device class, which can be used to encrypt, access and manage storage devices. fastluks is based on the bash script fast-luks.
- luksctl can be used to manage encrypted devices. It is based on the Python package luksctl.
- luksctl_api is an API to check the status of encrypted volumes and open them if needed. It is based on the Python package luksctl_api.
Currently, Ubuntu and CentOS are supported.
To set up a virtual environment and install pyluks on CentOS run:
```sh
yum install -y python3
python3 -m venv venv
. venv/bin/activate
pip install --upgrade pip
pip install pyluks
```
To do the same on Ubuntu:
```sh
apt-get update
apt-get install -y python3 python3-pip python3-venv
python3 -m venv venv
. venv/bin/activate
pip install --upgrade pip
pip install pyluks
```
The functionality of each subpackage can be accessed through a command line tool.
To perform encryption and volume setup with default parameters, run the fastluks command inside the virtual environment:
```sh
fastluks
```
The encryption passphrase can be stored locally and/or on HashiCorp Vault.
- To store the passphrase locally (usually done only for testing: a passphrase kept on the same host as the encrypted volume gives no protection once that host is compromised):
```sh
fastluks --save-passphrase-locally
```
- To store the passphrase on Vault, the --vault flag must be used together with the required arguments:
```sh
fastluks --vault --vault-url url --wrapping-token token --secret-path path --user-key key
```
In order to manage a volume encrypted with fastluks, the command luksctl can be used from the command line:
```sh
# Display volume status
luksctl status
# Open encrypted volume
luksctl open
# Close encrypted volume
luksctl close
```
In order to set up the API, the command luksctl_api can be used, indicating the type of computing node on which the API is installed and its options, for example:
```sh
# Install the API on a single virtual machine, using a self-signed certificate
luksctl_api master --infrastructure_config single_vm --ssl --user luksctl_api
# Install the API on the master node of a cloud cluster, using a self-signed certificate
luksctl_api master --infrastructure_config cluster --ssl --node-list wn1 wn2 wn3
# Install the API on a computing (worker) node
luksctl_api wn --nfs-mountpoint-list /export
```
By default, the API service is run by the user luksctl_api, which must have permission to run the luksctl command. Since opening a LUKS volume requires root privileges, grant that permission through a narrowly scoped sudo rule for luksctl rather than running the API itself as root. To run the API under a different user, specify the --user argument.
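The core decision the API makes, "check the status of the encrypted volume and open it only if needed", can be reproduced outside the API for monitoring or cron-style checks. The script below is an added example and is not part of pyluks or luksctl_api: it classifies the output of `cryptsetup status` (the tool pyluks wraps) and calls an open command only when the mapping is inactive. The mapping name `crypt`, the `OPEN_CMD` override and the `--run` flag are assumptions made for this example; the sample status texts are constructed to look like real cryptsetup output.

```sh
#!/bin/sh
# Added example (not pyluks code): status-check-then-open logic driven by
# `cryptsetup status` output. Assumed names: MAPPER_NAME, OPEN_CMD, --run.

MAPPER_NAME="${MAPPER_NAME:-crypt}"        # assumed dm-crypt mapping name
OPEN_CMD="${OPEN_CMD:-luksctl open}"       # assumed command used to unlock

# luks_state STATUS_TEXT
# Classify `cryptsetup status <name>` output as active | inactive | unknown.
# cryptsetup prints "<mapper> is active" (optionally "and is in use") for an
# open mapping and "<mapper> is inactive." when nothing is mapped.
luks_state() {
    first_line=$(printf '%s\n' "$1" | sed -n '1p')
    case "$first_line" in
        *" is active"*)   echo active ;;
        *" is inactive"*) echo inactive ;;
        *)                echo unknown ;;
    esac
}

# luks_cipher STATUS_TEXT
# Extract the cipher line so an operator can verify the mode in use.
luks_cipher() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*cipher:[[:space:]]*//p'
}

# ensure_open STATUS_TEXT
# Print the action taken (auditable in logs) and return 0 if the volume is,
# or has just been made, active; non-zero otherwise. The open command is
# only invoked for an inactive mapping, never for unparseable output.
ensure_open() {
    case "$(luks_state "$1")" in
        active)
            echo "already-open"
            return 0 ;;
        inactive)
            echo "opening"
            $OPEN_CMD ;;          # function returns the open command's status
        *)
            echo "unknown-state" >&2
            return 1 ;;
    esac
}

# Constructed sample outputs, shaped like `cryptsetup status crypt`.
SAMPLE_ACTIVE='/dev/mapper/crypt is active and is in use.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  device:  /dev/vdb
  mode:    read/write'
SAMPLE_INACTIVE='/dev/mapper/crypt is inactive.'

# Stand-alone use (needs root): `sh ensure_open.sh --run` queries the real
# mapping. cryptsetup exits non-zero for an inactive mapping, hence `|| true`.
if [ "${1:-}" = "--run" ]; then
    status_text=$(cryptsetup status "$MAPPER_NAME" 2>&1) || true
    ensure_open "$status_text"
fi
```

Set `OPEN_CMD` to a wrapper such as `sudo -n luksctl open` when running this under an unprivileged service account, and keep the sudo rule limited to that one command.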