How to create a VirtualBox machine with encrypted storage with Vagrant
# -*- mode: ruby -*-
# vi: set ft=ruby :
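require "io/console" # IO#noecho, used for the hidden password prompt

# NOTE(review): this copy of the file had lost `config.vm.box`, `vb.name`, the
# right-hand side of both `password_id =` assignments and every closing
# `end`/`]`. They are restored below from the evident intent; confirm against
# the original gist.

# Plaintext hand-off file for the disk password. It is written by the
# `before :up` trigger and deleted by the `after :up` trigger. Keep it and
# .password_id out of version control.
PASSWORD_PATH = ".password"
# Holds the password identifier chosen when the medium was encrypted.
PASSWORD_ID_PATH = ".password_id"

# Make sure the vagrant-triggers plugin is installed:
# > vagrant plugin install vagrant-triggers
# (Newer Vagrant releases ship built-in triggers whose block syntax differs;
# this file is written for the plugin.)
# After the first `vagrant up`, stop the VM and run the following steps.
# Take the identifier of the storage you want to encrypt:
# > HDD_UUID=`VBoxManage showvminfo <VM_NAME> | grep 'SATA.*UUID' | sed 's/^.*UUID: \(.*\))/\1/'`
# Store your username (whitespace is not allowed) in a variable:
# > USERNAME=<your_username>
# Encrypt the storage, entering the password when asked:
# > VBoxManage encryptmedium $HDD_UUID --newpassword - --newpasswordid $USERNAME --cipher "AES-XTS256-PLAIN64"
# Store the username in a file named .password_id:
# > echo $USERNAME > .password_id
# From now on, every time you start the VM you will be asked for the same password.
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/vivid64"
  config.vm.box_check_update = false
  config.vm.hostname = "secure"

  # Prompt for the disk password before boot and stage it in PASSWORD_PATH so
  # the post-boot `addencpassword` call below can read it.
  config.trigger.before :up do
    if File.exist?(PASSWORD_ID_PATH)
      password_id = File.read(PASSWORD_ID_PATH).strip
      print "The VM is encrypted, please enter the password\n#{password_id}: "
      # `to_s` guards against a closed STDIN, where `gets` returns nil.
      # NOTE(review): `strip` also drops leading/trailing spaces that were
      # part of the password given to `encryptmedium` — confirm that is wanted.
      password = STDIN.noecho(&:gets).to_s.strip
      # Owner-only permissions: the file holds the plaintext disk password.
      # The mode passed to `open` only applies on creation, so chmod as well
      # in case a stale file with wider permissions is being reused.
      File.open(PASSWORD_PATH, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |file|
        file.chmod(0o600)
        file.write(password)
      end
      puts ""
    end
  end

  # Remove the plaintext password as soon as the VM is up.
  # Caveat: this trigger does not run if `vagrant up` aborts, so a failed boot
  # can leave PASSWORD_PATH on disk; delete it by hand in that case.
  config.trigger.after :up do
    File.delete(PASSWORD_PATH) if File.exist?(PASSWORD_PATH)
  end

  # A destroyed VM has no encrypted medium left, so drop the stored id too.
  config.trigger.after :destroy do
    File.delete(PASSWORD_ID_PATH) if File.exist?(PASSWORD_ID_PATH)
  end

  config.vm.provider :virtualbox do |vb|
    vb.name = "secure"
    vb.gui = false
    if File.exist?(PASSWORD_ID_PATH)
      password_id = File.read(PASSWORD_ID_PATH).strip
      # Hand the staged password file to the running VM after boot;
      # `--removeonsuspend yes` makes VirtualBox forget it on suspend.
      vb.customize "post-boot", [
        "controlvm", :id, "addencpassword", password_id, PASSWORD_PATH, "--removeonsuspend", "yes"
      ]
    end
  end
end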


evokateur commented Nov 24, 2017

Very helpful gist. Thanks!
