I use several encrypted USB drives to share and back up my personal data. Some are encrypted with BitLocker and some with LUKS. In my workflow I typically attach them at runtime.
Ideally, I would like the partitions to be both unlocked and mounted at my dedicated mount point without any password or passphrase interaction.
This is what I tried so far:
- A rather dangerous approach assembles some passwords and commands in some script. Properly protecting the script from unwanted access and granting NOSUDO access would yield a one-click solution for mounting the drive (and all its partitions). This works fine, but is generally not recommended, to my understanding.
- Employing /etc/crypttab in order to detect the partitions by UUID would do the unlocking part:

    mobi_usb PARTUUID=47119ece-19e8-423c-add4-20af5e57f527 /etc/cryptsetup-keys.d/mobi-bitlocker.key bitlk,nofail

  A counterpart /etc/fstab entry:

    mobi_usb /mnt/org/mobi auto nosuid,nodev,nofail,x-systemd.automount 0 0

  should do the second part, but does not seem to run. Hence, my partition wants to be mounted automatically at /run/media/<user>/<partition> and requires user password interaction in order to be mounted there.
- Controlling unlocking and mounting completely from KDE Plasma would require checking the respective encrypted volumes in the settings under "Device Auto-mount". This magically also looks at the /etc/fstab entry above and mounts the partition to the dedicated location. But the user would be prompted for the passphrase on each attach, though its value is pre-filled from kwallet.

Long story short: How can I achieve this without password/passphrase interaction and of course without clicking?
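
A consistency check over the two entries quoted in the post, as an added example that is not part of the original post. It relies on crypttab(5), which sets up the unlocked volume below /dev/mapper/ under the name in the first field; the function names and the injectable `key_mode` parameter are hypothetical.

```python
import os

# The two entries quoted in the post, copied verbatim.
CRYPTTAB = ("mobi_usb PARTUUID=47119ece-19e8-423c-add4-20af5e57f527 "
            "/etc/cryptsetup-keys.d/mobi-bitlocker.key bitlk,nofail\n")
FSTAB = "mobi_usb /mnt/org/mobi auto nosuid,nodev,nofail,x-systemd.automount 0 0\n"

def rows(text):
    """Yield the whitespace-split fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def _stat_mode(path):
    """Return st_mode of path, or None if it cannot be inspected."""
    try:
        return os.stat(path).st_mode
    except OSError:
        return None

def check(crypttab, fstab, key_mode=_stat_mode):
    """Return findings for crypttab/fstab pairs that cannot work together."""
    findings, names = [], []
    for f in rows(crypttab):
        if len(f) < 2:
            continue
        names.append(f[0])
        key = f[2] if len(f) > 2 else "none"
        if key not in ("none", "-"):
            mode = key_mode(key)
            # A key file replaces the passphrase, so only root should read it.
            if mode is not None and mode & 0o077:
                findings.append(f"{f[0]}: key file {key} is accessible to group/other")
    mounted = set()
    for f in rows(fstab):
        spec = f[0]
        if spec in names:
            # fstab needs a device spec, not the bare mapping name.
            findings.append(f"fstab: '{spec}' is a mapping name; use /dev/mapper/{spec}")
        elif spec.startswith("/dev/mapper/"):
            mounted.add(spec[len("/dev/mapper/"):])
    for name in names:
        if name not in mounted:
            findings.append(f"{name}: fstab has no /dev/mapper/{name} entry")
    return findings

if __name__ == "__main__":
    for finding in check(CRYPTTAB, FSTAB):
        print(finding)
```
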