If your requirement is for the entire system to be encrypted then I think the only is a system rebuild, but if you can convince management that a good compromise is encrypting only the applications and their data, you should be able to add encrypted storage, copy the sensitive files and wipe the old allocations. I have done this for a test system encrypting a MySQL database instance and a web server instance, in anticipation of an "encrypted at rest" directive coming down from management.
-- Thomas Kern Senior VM Systems Programmer/Linux Systems Administrator Office of the Chief Information Officer On Contract to U.S. Department of Energy O: 301-903-2211 | M: 301-905-6427 thomas.k...@hq.doe.gov -- A subtlety of Murphy's Law: If it can go wrong, it already has, and you just haven't realized it yet. -----Original Message----- From: Wells, Roger K. [mailto:wel...@leidos.com] Sent: Tuesday, December 12, 2017 9:41 AM To: CentOS mailing list <centos@centos.org> Subject: [CentOS] LUKS question I have existing systems with un-encrypted disks. I have tried unsuccessfully to encrypt them using LUKS. Has anyone out there been able to encrypt an existing system (after the fact, so to speak)? TIA -- Roger Wells, P.E. leidos 221 Third St Newport, RI 02840 401-847-4210 (voice) 401-849-1585 (fax) roger.k.we...@leidos.com _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
