hello, The setup: I work in an environment that has a whole disk encryption requirement for VMs. If the VM is restarted an admin has to hit the console and type in the passphrase to boot. This is OK, we don't reboot much, and security guys are happy. The problem is they are going to start requiring that these machines also receive a passphrase change every 3 or 6 months. That brings me to the question. cryptsetup for luks requires an existing passphrase to add/change another. Physical interaction to change passphrase is not very realistic for 100+ machines. Ideally I would like to change the password via an automated system. Currently we are evaluating Chef, Ansible, and Puppet, has anyone here been able to manage luks passphrases over many machines? If so some friendly guidance would be greatly appreciated. Thanks Travis _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
