Encrypting an unencrypted volume with a secure key

To integrate unencrypted data that resides on a volume into the infrastructure for protected volume encryption, you must transform the unencrypted volume into an encrypted one.

This topic presents two methods for this task:

  1. For LVM physical volumes, you can use the pvmove command (see Migrating to an encrypted LVM physical volume).
  2. You can copy existing content to a new encrypted volume and delete the original volume (see Migrating data to a new encrypted volume).

After you have migrated the data from the unencrypted volumes to the encrypted ones, be sure to securely delete any unencrypted data according to your security policies. For example, you can use badblocks or shred to overwrite unencrypted data with random data multiple times.
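
The following added example (not part of the original documentation) overwrites a former plaintext target with shred and then checks that a string known to be in the old data can no longer be read from it. The function names wipe_and_verify and demo, the image file, and the marker string are assumptions made for illustration; the image file is constructed and stands in for the unencrypted volume.

```shell
#!/bin/sh
# Added example: overwrite a former plaintext volume, then verify the result.
# wipe_and_verify TARGET MARKER   (hypothetical helper, not a product command)
#   TARGET: block device or image file that held the unencrypted data
#   MARKER: a string known to exist in the old plaintext (used for the check)
wipe_and_verify() {
    target=$1
    marker=$2

    # Refuse to overwrite a device that is still mounted.
    if awk -v t="$target" '$1 == t { f = 1 } END { exit !f }' \
        /proc/mounts 2>/dev/null; then
        echo "refusing: $target is mounted" >&2
        return 2
    fi

    # Three passes of random data ("multiple times" in the text above).
    shred -n 3 "$target" || return 1

    # Verification: the known plaintext must no longer be readable.
    # -a treats the binary target as text, -F matches the marker literally.
    if LC_ALL=C grep -a -q -F -- "$marker" "$target"; then
        echo "marker still present on $target" >&2
        return 1
    fi
    return 0
}

# Constructed demo: a 1 MiB image file with a marker written at offset 4096.
demo() {
    marker='CONSTRUCTED-PLAINTEXT-MARKER'
    img=$(mktemp) || return 1
    dd if=/dev/zero of="$img" bs=1024 count=1024 2>/dev/null
    printf '%s' "$marker" |
        dd of="$img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    # Sanity check: the marker is present before the overwrite.
    LC_ALL=C grep -a -q -F -- "$marker" "$img" || { rm -f "$img"; return 1; }
    wipe_and_verify "$img" "$marker"
    rc=$?
    rm -f "$img"
    return $rc
}
```

On a real system, pass the device node of the old volume as TARGET only after the migrated data has been verified on the encrypted volume.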