{"id":120691,"date":"2022-09-09T23:02:19","date_gmt":"2022-09-09T20:02:19","guid":{"rendered":"https:\/\/computingforgeeks.com\/?p=120691"},"modified":"2022-09-09T23:02:55","modified_gmt":"2022-09-09T20:02:55","slug":"using-encrypted-stratis-pool-nbde","status":"publish","type":"post","link":"https:\/\/computingforgeeks.com\/using-encrypted-stratis-pool-nbde\/","title":{"rendered":"Using encrypted Stratis pool with Network Bound Disk Encryption (NBDE)"},"content":{"rendered":"\n<p>Welcome to this guide on how to use the encrypted Stratis pool with Network Bound Disk Encryption (NBDE). Our previous guide taught us how to configure Stratis Storage on <a href=\"https:\/\/computingforgeeks.com\/install-rocky-linux-on-hetzner-root-server\/\">Rocky Linux 8<\/a> | <a href=\"https:\/\/computingforgeeks.com\/how-to-install-almalinux-on-hetzner-root-server\/\">AlmaLinux 8<\/a>. <strong>Stratis<\/strong> is a local storage management service that enables one to manage pools from physical storage devices easily. here are several concepts involved here:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Pool<\/strong>: this is the chief component of Stratis. It is made up of one or more block devices and its total size is the sum of the block devices\u2019 size.<\/li><li><strong>blockdev<\/strong>: these are the block devices on Stratis. The supported block devices here are:<ul><li>HDDs and SSDs<\/li><li>LVM logical volumes<\/li><li>MD RAID<\/li><li>iSCSI<\/li><li>DM Multipath<\/li><li>LUKS<\/li><\/ul><\/li><li><strong>Filesystem<\/strong>: A pool can contain one or more file systems that are formatted to XFS and used to store files. Normally, the filesystems are thinly provisioned. In other words, they do not have a fixed total size, and their size grows as data is saved to them.  <\/li><\/ul>\n\n\n\n<p>There are many features associated with Stratis pool, these include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Pool-based management<\/li><li>File system snapshots<\/li><li>Monitoring<\/li><li>Thin provisioning<\/li><li>Tiering<\/li><\/ul>\n\n\n\n<p>Stratis allows one to create either encrypted or unencrypted pools. <strong>Encrypted<\/strong> pools are created on Stratis to improve security. When this type of pool is created, the kernel keyring is used as the primary encryption mechanism. After a system reboot, you are required to provide the created kernel keyring to access the pool.<\/p>\n\n\n\n<p>This guide provides you with the required knowledge on how to use encrypted Stratis pool with Network Bound Disk Encryption (NBDE).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Prerequisites<\/h2>\n\n\n\n<p>This guide requires you to have:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><span style=\"color: initial\">Block devices that are not in use\/mounted. In this guide, we will use several disks attached to the system.<\/span><\/li><\/ul>\n\n\n\n<p>Identify the block devices using the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">lsblk<\/mark>\nNAME        MAJ:MIN RM SIZE RO TYPE MOUNTPOINT\nsda           8:0    0  40G  0 disk \n\u251c\u2500sda1        8:1    0   1G  0 part \/boot\n\u2514\u2500sda2        8:2    0  39G  0 part \n  \u251c\u2500cs-root 253:0    0  35G  0 lvm  \/\n  \u2514\u2500cs-swap 253:1    0   4G  0 lvm  &#91;SWAP]\nsdb           8:16   0  10G  0 disk \nsdc           8:32   0  10G  0 disk \nsdd           8:48   0  10G  0 disk<\/code><\/pre>\n\n\n\n<p>I have 3 disks each of 10GB attached to my system which will be used to create the encrypted Stratis pool.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1 &#8211; Install Stratis on Your System<\/h2>\n\n\n\n<p>Stratis resides in the default RHEL\/CentOS\/Rocky Linux\/Alma Linux repositories and can be installed using the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo su - \ndnf install stratisd stratis-cli -y<\/code><\/pre>\n\n\n\n<p>Once installed, start the Stratis service using the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now stratisd<\/code><\/pre>\n\n\n\n<p>Check if the service is running:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">systemctl status stratisd<\/mark>\n\u25cf stratisd.service - Stratis daemon\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/stratisd.service; enabled; vendor preset: enabled)\n   Active: <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-green-cyan-color\">active (running)<\/mark> since Thu 2022-07-07 13:10:27 EDT; 6s ago\n     Docs: man:stratisd(8)\n Main PID: 2501 (stratisd)\n    Tasks: 5 (limit: 23505)\n   Memory: 1.5M\n   CGroup: \/system.slice\/stratisd.service\n           \u2514\u25002501 \/usr\/libexec\/stratisd --log-level debug\n\nJul 07 13:10:27 computingforgeeks.com systemd&#91;1]: Starting Stratis daemon...\nJul 07 13:10:27 computingforgeeks.com stratisd&#91;2501]: &#91;2022-07-07T17:10:27Z INFO  libstratis::stratis::run] stratis daemon version 2.4.2 st&gt;\nJul 07 13:10:27 computingforgeeks.com stratisd&#91;2501]: &#91;2022-07-07T17:10:27Z INFO  libstratis::stratis::run] Using StratEngine<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2 &#8211; Creating an encrypted Stratis pool<\/h2>\n\n\n\n<p>A Stratis pool can be created using one or multiple block devices. In this guide, we have 3 secondary disks attached to the system.<\/p>\n\n\n\n<p>Begin by wiping away any partition tables, filesystems, or any RAID signatures on the device<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo wipefs --all<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\"> <em>block-device1<\/em><\/mark><em> <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">block-device2<\/mark><\/em><\/code><\/pre>\n\n\n\n<p>Replace <em>block-device1<\/em>  and <em>block-device2<\/em> with the block device names. For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wipefs --all \/dev\/sdb \/dev\/sdc \/dev\/sdd<\/code><\/pre>\n\n\n\n<p>After cleaning the disk(s), proceed and obtain the key set to use for the encryption.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\"> stratis key set --capture-key <\/mark><em><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">pool1key<\/mark><\/em>\nEnter key data followed by the return key: <em>Enter Key and press Enter<\/em><\/code><\/pre>\n\n\n\n<p>You should now have the kernel keyring created. This will be used to access the pool after subsequent reboots. Verify this with the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">stratis key list<\/mark>\nKey Description\n<em>pool1key  <\/em><\/code><\/pre>\n\n\n\n<p>Create an encrypted pool using the command with the below syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>stratis pool create --key-desc &lt;key-description&gt; &lt;<em>pool_name<\/em>&gt; <em>block-device1 block-device2<\/em> <em>block-device-n<\/em><\/code><\/pre>\n\n\n\n<p>In the above command, replace <strong><em>key-description<\/em><\/strong> with the created key description and <strong><em>pool_name<\/em><\/strong> with the desired name for the pool.<\/p>\n\n\n\n<p>For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>stratis pool create --key-desc <em>pool1key <\/em>pool1 \/dev\/sdb \/dev\/sdc \/dev\/sdd<\/code><\/pre>\n\n\n\n<p>Once created, verify using the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">stratis pool list <\/mark>\nName                       Total Physical   Properties                                   UUID\npool1   29.95 GiB \/ 45.64 MiB \/ 29.91 GiB      ~Ca, Cr   be1d8a96-03f8-41a4-9d63-09baa1c697d8<\/code><\/pre>\n\n\n\n<p>We have a pool with the name pool1, with a 30 GB capacity. This is the sum of the 3 disk storage.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 3 &#8211; Creating a Filesystem on a Pool<\/h2>\n\n\n\n<p>Once the pool has been created, you need to create a filesystem on it to be able to write data on the pool. This can be done using a command with the below syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># stratis fs create <em><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-cyan-blue-color\">&lt;poolname&gt;<\/mark><\/em><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\"> &lt;filesystemname&gt;<\/mark><\/code><\/pre>\n\n\n\n<p>For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>stratis filesystem create pool1 filesystem1<\/code><\/pre>\n\n\n\n<p>Verify the creation using the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">stratis fs list<\/mark>\nPool Name   Name          Used      Created             Device                           UUID                                \npool1       filesystem1   545 MiB   Jul 07 2022 13:12   \/dev\/stratis\/pool1\/filesystem1   283f8f78-0b33-4a35-a2d0-e9cd6b85d124<\/code><\/pre>\n\n\n\n<p>To get a detailed view, use the command below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>lsblk<\/code><\/pre>\n\n\n\n<p>Sample Output:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"598\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-1024x598.png\" alt=\"\" class=\"wp-image-120738\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-1024x598.png 1024w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-300x175.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-768x449.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-696x407.png 696w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-1068x624.png 1068w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-719x420.png 719w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption.png 1191w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Step 4 &#8211; Unlocking an encrypted Stratis pool with kernel keyring<\/h2>\n\n\n\n<p>After a system reboot, you will not be able to access the pool:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">stratis pool list<\/mark>\nName                        Total Physical   Properties                                   UUID<\/code><\/pre>\n\n\n\n<p>To be able to access it, you need to provide the created kernel keyring. First, recreate the key using the same<strong> key description<\/strong>. For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>stratis key set --capture-key pool1key<\/code><\/pre>\n\n\n\n<p>Now unlock the pool using the keyring:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>stratis pool unlock keyring<\/code><\/pre>\n\n\n\n<p>Access the pool:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\"> stratis pool list<\/mark>\nName                        Total Physical   Properties                                   UUID\npool1   29.95 GiB \/ 590.65 MiB \/ 29.38 GiB      ~Ca, Cr   be1d8a96-03f8-41a4-9d63-09baa1c697d8<\/code><\/pre>\n\n\n\n<p>This is quite handy and requires memorizing the keyring. You can make this simpler using NBDE as shown below.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 5 &#8211; Binding a Stratis pool to NBDE<\/h2>\n\n\n\n<p><strong>NBDE<\/strong> is an abbreviation of <em>Network Bound Disk Encryption<\/em>. To be able to bind the encrypted Stratis pool to NBDE, you need a Tang server. This Tang server helps to unlock the encrypted pool without having to provide the kernel keyring description as above.<\/p>\n\n\n\n<p>First, install the Tang server:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>yum install tang<\/code><\/pre>\n\n\n\n<p>Choose any unused port and bind the service to it. For example, port <em>7500<\/em> as shown:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>semanage port -a -t tangd_port_t -p tcp 7500<\/code><\/pre>\n\n\n\n<p>Allow the set port through the firewall:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>firewall-cmd --add-port=7500\/tcp --permanent\nfirewall-cmd --reload<\/code><\/pre>\n\n\n\n<p>Enable the <em>tangd<\/em> service:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable tangd.socket<\/code><\/pre>\n\n\n\n<p>Create an override configuration file at<em><strong> \/etc\/systemd\/system\/tangd.socket.d\/<\/strong><\/em> using the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl edit tangd.socket<\/code><\/pre>\n\n\n\n<p>Change the default port 80 to the new port as shown:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;Socket]\nListenStream=\nListenStream=7500<\/code><\/pre>\n\n\n\n<p>Reload the daemon and restart the service:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload\nsystemctl restart tangd.socket<\/code><\/pre>\n\n\n\n<p>Verify if the service is bound to the new port:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">systemctl show tangd.socket -p Listen<\/mark>\nListen=&#91;::]:7500 (Stream)<\/code><\/pre>\n\n\n\n<p>Obtain the thumbprint of the tang server:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">tang-show-keys 7500<\/mark>\nMbe0_qFvUj7GRHXUp6g6yEQhixU<\/code><\/pre>\n\n\n\n<p>Now bind the encrypted Stratis pool to NBDE using the command with the below syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># stratis pool bind nbde &lt;<em>pool_name<\/em>&gt;  &lt;tang-server&gt; --thumbprint &lt;random_string&gt;<\/code><\/pre>\n\n\n\n<p>Replace the pool_name, and <em>tang-server<\/em> appropriately. The tang-server specifies the IP address\/URL of the Tang server.<\/p>\n\n\n\n<p>For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>stratis pool bind nbde pool1 http:\/\/localhost:7500 --thumbprint Mbe0_qFvUj7GRHXUp6g6yEQhixU<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Step 6 &#8211; Unlocking the Stratis Pool with NBDE<\/h2>\n\n\n\n<p>To test if we can unblock the Stratis Pool with NBDE, reboot your system.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>reboot now<\/code><\/pre>\n\n\n\n<p>Once the system successfully reboots, switch to the root user.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo su -<\/code><\/pre>\n\n\n\n<p>Try accessing the pool:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\"> stratis pool list<\/mark>\nName                        Total Physical   Properties                                   UUID<\/code><\/pre>\n\n\n\n<p>Aside from unlocking the pool using the keyring, you can unlock it, using NBDE (<strong>clevis<\/strong>) as shown:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>stratis pool unlock clevis<\/code><\/pre>\n\n\n\n<p>You can agree that you no longer need to provide the keyring to access the pool. Verify if you can access the pool as shown:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"876\" height=\"137\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-1.png\" alt=\"\" class=\"wp-image-120739\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-1.png 876w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-1-300x47.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-1-768x120.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2022\/07\/encrypted-Stratis-pool-with-Network-Bound-Disk-Encryption-1-696x109.png 696w\" sizes=\"auto, (max-width: 876px) 100vw, 876px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Step 7 &#8211; Unbinding a Stratis pool from supplementary encryption<\/h2>\n\n\n\n<p>Unbinding a Stratis pool from the supplementary encryptions only leaves the primary kernel keyring encryption in pace. The supplementary encryption could be NBDE or TPM bound.<\/p>\n\n\n\n<p>To remove this binding, use the command with the below syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># stratis pool unbind clevis &lt;pool_name&gt;<\/code><\/pre>\n\n\n\n<p>For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>stratis pool unbind clevis pool1<\/code><\/pre>\n\n\n\n<p>After this, you can only access the pool using the primary kernel <strong>keyring<\/strong> encryption as in step 4.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 8 &#8211; Mounting a Stratis Filesystem<\/h2>\n\n\n\n<p>To use the Stratis Filesystem, you need to mount it. First, create the mount point:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/mnt\/pool_1<\/code><\/pre>\n\n\n\n<p>You can make a <strong>temporary<\/strong> mounting of the file system using the command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mount \/dev\/stratis\/<strong>pool1<\/strong>\/<strong>filesystem1<\/strong> \/mnt\/pool_1<\/code><\/pre>\n\n\n\n<p>To mount the filesystem <strong>permanently<\/strong>, begin by identifying the UUID of the filesystems:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">lsblk --output=<\/mark><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-cyan-blue-color\">UUID<\/mark><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\"> <\/mark><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">\/dev\/stratis\/pool1\/filesystem1<\/mark>\nUUID\n65a09ba7-1053-424c-9e04-d21c5c090249<\/code><\/pre>\n\n\n\n<p>Now edit the <strong>\/etc\/fstab<\/strong> file and add the filesystem.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">sudo vi \/etc\/fstab<\/mark>\nUUID=65a09ba7-1053-424c-9e04-d21c5c090249 \/mnt\/pool_1 xfs defaults,x-systemd.requires=stratisd.service 0 0<\/code><\/pre>\n\n\n\n<p>Remember to replace the UUID and mount point. Reload the system daemon:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>After this, the filesystem will be able to survive system reboots. <\/p>\n\n\n\n<p>The end!<\/p>\n\n\n\n<p>This guide has provided the required knowledge on how to use an encrypted Stratis pool with Network Bound Disk Encryption (NBDE). I hope this was significant.<\/p>\n\n\n\n<p>You can see more on Stratis in the guide below:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/computingforgeeks.com\/configure-stratis-storage-on-rocky-almalinux\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Stratis Storage on Rocky Linux 8 | AlmaLinux 8<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to this guide on how to use the encrypted Stratis pool with Network Bound Disk Encryption (NBDE). Our previous guide taught us how to configure Stratis Storage on Rocky Linux 8 | AlmaLinux 8. Stratis is a local storage management service that enables one to manage pools from physical storage devices easily. here are &#8230; <a title=\"Using encrypted Stratis pool with Network Bound Disk Encryption (NBDE)\" class=\"read-more\" href=\"https:\/\/computingforgeeks.com\/using-encrypted-stratis-pool-nbde\/\" aria-label=\"Read more about Using encrypted Stratis pool with Network Bound Disk Encryption (NBDE)\">Read more<\/a><\/p>\n","protected":false},"author":21,"featured_media":5161,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[299,50,75,663],"tags":[37813,37814],"class_list":["post-120691","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-to","category-linux-tutorials","category-security","category-storage","tag-encrypted-stratis-pool","tag-network-bound-disk-encryption-nbde"],"_links":{"self":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/120691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/comments?post=120691"}],"version-history":[{"count":0,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/120691\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media\/5161"}],"wp:attachment":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media?parent=120691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/categories?post=120691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/tags?post=120691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}