#### Source
[Original Gist](https://gist.github.com/naomik/5428370#automountable)
[Bing cache](https://cc.bingj.com/cache.aspx?q=gist.github.com%2fnaomik%2f5428370&d=4747553971309591&mkt=en-US&setlang=en-US&w=g3oSGW8fFuVu8BTwP-yHy3zUj9TRWMZz)

# LUKS crypt

In this guide, I'm going to setup a keyfile-encrypted LUKS partition. I will be using a single, max-size partition on a single physical device. My physical device is located at /dev/sde

## partition the physical device

```sh
parted /dev/sde
(parted) mklabel gpt
(parted) mkpart primary 1 -1
(parted) quit
```

## create the key file

Before we go further, let's create our 2048-bit key file first. I'm going to install it /root/secret.key

```sh
sudo dd if=/dev/urandom of=/root/secret.key bs=1024 count=2
sudo chmod 0400 /root/secret.key
```

## create LUKS partition

In my case, /dev/sde1 was created by parted. Create the LUKS partition with our key file now.

```sh
cryptsetup luksFormat /dev/sde1 /root/secret.key
```

Associating our key with the LUKS partition will allow us to automount it later and prevent us from ever seeing a password prompt.

```sh
cryptsetup luksAddKey /dev/sde1 /root/secret.key --key-file=/root/secret.key
```

## initialize the LUKS partition

Before we can start using our LUKS partition, we have to size it properly and format it first. In order to do that, we will first use luksOpen which creates an IO backing device that allows us to interact with the partition. I'll call my device secret; you can call yours whatever you want.

```sh
cryptsetup luksOpen /dev/sde1 secret --key-file=/root/secret.key
```

the LUKS mapping device will now be available at /dev/mapper/secret

## size the LUKS partition

When using resize without any additional vars, it will use the max size of the underlying partition.

```sh
cryptsetup resize secret --key-file=/root/secret.key
```
## format the LUKS partition

I'm going to use ext4; you can use whatever you want.

```sh
mkfs.ext4 /dev/mapper/secret
```

## create a mount point

I'll create a mount point at /secret

```sh
sudo mkdir -p /secret
sudo chmod 755 /secret
```

## mount the LUKS mapping device

```sh
mount /dev/mapper/secret /secret
df /secret
```

## automountable

To avoid the hassle of mounting are encrypted volume manually, we can set it up such that it automounts using the specified key file. First you have to get the UUID for your partition.

```sh
ls -l /dev/disk/by-uuid
```

Find the UUID that links to your disk. In my case, it is 651322a-8171-49b4-9707-a96698ec826e.

```sh
export UUID="651322a-8171-49b4-9707-a96698ec826e"
sudo echo "secret UUID=${UUID} /root/secret.key luks" >> /etc/crypttab
```

Finally, specify the automount

```sh
sudo echo "/dev/mapper/secret /secret auto" >> /etc/fstab
```

Mount stuff!

```sh
sudo mount -a
```