The method described in this topic for integrating unencrypted data into the infrastructure for protected volume encryption works in an environment that does not use LVM.
You require a free volume that has sufficient space. Ensure that this volume is persistently configured to your Linux™ instance.
- Create a new encrypted volume using the free volume.
  Ensure that the newly encrypted volume is formatted with a file system. For this purpose, complete steps 1 through 9 from Creating a volume for pervasive encryption. If you do not want to use LVM, adapt the steps accordingly.
- Mount the file system on the newly encrypted volume on a temporary mount point.
  For example:
  # mount /dev/mapper/new-enc-disk /mnt
- Copy the contents (meaning files and directories) from the unencrypted volume to the newly created file system.
  For example, to copy all data from /path/to-be-encrypted/data/ to the file system on the encrypted volume that is mounted on /mnt/, issue:
  # rsync -av /path/to-be-encrypted/data/ /mnt/
- Replace the /etc/fstab entry of the existing unencrypted volume with the device-mapper device of the encrypted volume.
The data is now on an encrypted volume in the infrastructure for protected volume encryption.
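One way to script the /etc/fstab replacement in the last step, as an added example that is not part of the original topic. The function name replace_fstab_device and the device /dev/sdb1 are assumptions made for illustration; /dev/mapper/new-enc-disk is the device-mapper name used in the mount example above.

```shell
#!/bin/sh
# Added example: swap the device field of exactly one fstab entry.
# /dev/sdb1 and the sample fstab content below are constructed placeholders.

# replace_fstab_device FSTAB OLD_SPEC NEW_SPEC
# Rewrites field 1 of the single entry whose device field equals OLD_SPEC.
# Returns 1 and changes nothing unless exactly one entry matches.
replace_fstab_device() {
    fstab=$1 old=$2 new=$3
    # Commented-out lines never match: their first field starts with "#".
    matches=$(OLD="$old" awk '$1 == ENVIRON["OLD"] { n++ } END { print n + 0 }' "$fstab")
    if [ "$matches" -ne 1 ]; then
        echo "expected exactly 1 entry for $old, found $matches" >&2
        return 1
    fi
    # Keep a copy of the original table so the change can be rolled back.
    cp -p "$fstab" "$fstab.bak" || return 1
    # Replace only the leading device field; mount point, file system type
    # and options are kept as they were. Writing through the redirect keeps
    # the file's existing mode and ownership. Values are passed through
    # ENVIRON so awk does not interpret backslashes or "&" in them.
    OLD="$old" NEW="$new" awk '
        $1 == ENVIRON["OLD"] {
            match($0, /^[ \t]*[^ \t]+/)
            $0 = ENVIRON["NEW"] substr($0, RLENGTH + 1)
        }
        { print }
    ' "$fstab.bak" > "$fstab"
}

# Demonstration on a constructed fstab in a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/fstab" <<'EOF'
# constructed sample entries
/dev/sda1   /                           ext4  defaults  1 1
/dev/sdb1   /path/to-be-encrypted/data  ext4  defaults  0 2
EOF
replace_fstab_device "$demo_dir/fstab" /dev/sdb1 /dev/mapper/new-enc-disk
cat "$demo_dir/fstab"
rm -rf "$demo_dir"
```

On a real system the call is replace_fstab_device /etc/fstab <old-device> /dev/mapper/new-enc-disk, run as root; findmnt --verify can then check the edited table before the next reboot.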
What to do next
Securely delete the unencrypted data from /path/to-be-encrypted/data/ according to your security policies.