Automatic drive encryption in vault

Another question from noob. I want to automount and encrypt my data drive in vault. I found dom0 command to automount drive to VM, but when I enter recovery key for that drive and chose “remember forever” it wasn’t work. Drive is Bitlocker encrypted (I know I should decrypt it and encrypt with LUKS - but this is 2TB HDD so maybe later). Encryption from file manager works so I assume it should also work from CLI. I assume that it is done by cryptsetup since I’m not installing dislocker. I try to decrypt it using sudo cryptsetup bitlkOpen <device> <name> but got that error Invalid or unknown signature for BITLK device. Device /dev/xvdi is not a valid BITLK device. . Also is there any way to store the encryption key in encrypted form in the vault VM?

Ok, I should use xvdi1 instead of xvdi - fdisk not shows me that dis drive have partitions, but found it on file manager. So my question is what will be the bast way to store the key securely (I know that it is in separate VM without any internet connection)?

I was able to write rc.local that decrypt and mount my drive :slight_smile: . But still don’t like the idea of storing my key in a plain text.