This describes my setup for using DigitalOcean Volumes (disk images attached to my VPS) for off-site backups and keeping them encrypted-at-rest when I'm not actively writing or reading to the disk image.
Basically it consists of:
- A DigitalOcean virtual private server.
- An extra Volume attached to the VPS (100GB or so), this presents itself as a block storage device in Linux.
- LUKS encrypted partition on the Volume.