
I previously had TrueCrypt set up to automount my SVN repos on the Subversion server at boot with an automated network script that used a keyfile on a protected share to mount the volume. Now that TrueCrypt is no more, I've since moved on to using eCryptfs to create a private encrypted store in my home folder, and have had a positive experience with it so far. My offsite and local backup systems are programmed to just back up the encrypted stores.

Is there a way to have the SVN server's repos stored in an eCryptfs-protected private folder and still run normally, and how would I set it up? I'm OK with having to manually key in the password once at boot, but I'm not sure what the best approach is.

My personal profile has automounting disabled by renaming ~/.encryptfs/auto-mount to ~/.encryptfs/auto-mount.bkp, and leaving ~/.encryptfs/auto-unmount untouched so my personal volume unmounts at logout. Maybe there's a way to have the SVN store automount at login but not auto-unmount? My primary concern is the server being stolen and scraped.

Thank you.

Cloud

  • IMHO using block based encryption such as LUKS makes much more sense for servers. – HBruijn Nov 21 '14 at 10:54
  • @HBruijn Would such an approach still work with my file-based backup system? Thanks! – Cloud Nov 21 '14 at 13:02
  • Yes, block based encryption is completely transparent. At the disk level all the data is encrypted, so when somebody removes the drive from the server they can't access it. But the file system behaves completely transparently. – HBruijn Nov 21 '14 at 13:19
  • @HBruijn That sounds very useful, but I don't see how I can use my Cloud based backup system with it. Even though companies like Carbon, CrashPlan, etc, all offer you the ability to provide your own encryption key in addition to their server side encryption, I don't necessarily trust them as their kernel daemon and GUI client are closed source, so I pre-encrypt data prior to allowing it for inclusion in the cloud backup. Thank you for the suggestion though. :) – Cloud Nov 21 '14 at 17:11

0 Answers