Is it possible to configure LUKS to grab a key file from a web server and use it to decrypt and mount the drive on boot?
The idea being that this allows the device to boot, decrypt, and start running without any intervention, but should the device be stolen I can simply nuke the key from the web server and the drive is no longer decrypted automatically.
I didn't see anything in /lib/cryptsetup/scripts so I'm wondering if there's another option available to do this?
Yes, I realize this hinges on the premise that the thief doesn't boot the system up, check the config and download a copy of the key before I can delete it from the web server, but that's an acceptable risk in this case.
