DigitalOcean Volumes are scalable, SSD-based block storage devices. Volumes allow you to create and expand your infrastructure’s storage capacity without needing to resize your Droplets.
Volumes are encrypted at rest, which means that the data on a Volume is not readable outside of its storage cluster. When you attach a Volume to a Droplet, the Droplet is presented with a decrypted block storage device and all data is transmitted over isolated networks.
For additional security, you can also create a file system in a LUKS encrypted disk on your Volume. This means that the disk will need to be decrypted by the operating system on your Droplet in order to read any data.
This tutorial covers how to:
Red Hat Certified Architect
former DO tech editor publishing articles here with the community, then founded the DO product docs team (https://do.co/docs). to all of my authors: you are incredible. working with you was a gift. love is what makes us great.
This is great, but I want to encrypt the whole droplet, is there an easy way to do that?
I don’t get the point of leaving the key on the hard drive in an unencrypted volume. Couldn’t that be sniffed and you’re back to square one?
@jschwenn Do you have any info on how this impacts performance?
@BetterAutomations see @ahmedr's comment; this could help (droplet encryption).
@ahmedr +1
Thank you so much, everything worked like a charm.
How is it better than just using the volume?
https://docs.digitalocean.com/products/volumes/
Encryption: Volumes are encrypted with LUKS (Linux Unified Key Setup). The entire storage cluster is encrypted, so snapshots of volumes are also encrypted at rest.
It seems like under the hood, the container already is using LUKS and mounts the decrypted volume. If you encrypt only to mount it automatically at boot with a key stored on the same VM, it’s almost the same as if you just used the regular volume and there’s unnecessary overhead.
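The trade-off raised in the comments above (a key file kept on the same Droplet so the encrypted volume unlocks at boot) can be checked on a host by reading `/etc/crypttab`. The following is an added example, not code from the tutorial or from any commenter; it assumes the standard crypttab field layout (name, device, key file, options), and the sample entries, UUIDs and key path are constructed.

```python
import os
import stat

# Constructed sample: mapping names, UUIDs and the key path are made up.
SAMPLE_CRYPTTAB = """\
# <name>       <device>                                    <key file>        <options>
secure-volume  UUID=00000000-0000-0000-0000-000000000001   /root/volume.key  luks
backups        UUID=00000000-0000-0000-0000-000000000002   none              luks,noauto
scratch        UUID=00000000-0000-0000-0000-000000000003
"""

def audit_crypttab(text):
    """Return one finding per mapping describing where its key comes from."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # not a valid entry: name and device are mandatory
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        if keyfile in ("none", "-"):
            source = "prompt"   # passphrase typed in; no key stored on the VM
        elif keyfile in ("/dev/urandom", "/dev/random"):
            source = "random"   # throwaway key, e.g. swap; data lost on reboot
        else:
            source = "file"     # key stored on a disk the VM can read
        findings.append({
            "name": fields[0],
            "device": fields[1],
            "keyfile": keyfile,
            "key_source": source,
            # Unlocks at boot with nobody present: root on the VM can read the data.
            "unattended": source == "file" and "noauto" not in options,
        })
    return findings

def keyfile_exposed(path):
    """True if the key file exists and grants any access to group or others."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return False
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

if __name__ == "__main__":
    for f in audit_crypttab(SAMPLE_CRYPTTAB):
        print(f["name"], f["key_source"], "unattended" if f["unattended"] else "manual")
```

An entry reported as `unattended` protects the data from anyone who obtains the Volume without the Droplet's root disk, but not from someone with root access to the running Droplet or its disk image.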