Hi,

You may want to look into TPM2-based disk encryption; during normal
operation it's basically transparent. My servers all have an encrypted
root partition, and I do not need to enter a password to boot it as the
decryption keys are stored in the TPM. Take a look at this page[1] for
information on how to do it with Clevis; however, I would recommend the
usage of systemd-cryptenroll(1) instead for systemd systems[2].

[1] https://wiki.gentoo.org/wiki/Trusted_Platform_Module/LUKS
[2] https://wiki.gentoo.org/wiki/User:Ajak/Measured_Boot

Thanks,
Rahul
