mhingston/luks-setup.sh

## luks-setup.sh
# replace volume-alias with your preferred alias and /mnt/encrypted with your preferred mount point

fdisk /dev/xvdb
cryptsetup luksFormat /dev/xvdb1
cryptsetup luksOpen /dev/xvdb1 volume-alias
mkfs.ext4 /dev/mapper/volume-alias
mkdir /mnt/encrypted
mount /dev/mapper/volume-alias /mnt/encrypted
umount /dev/mapper/volume-alias
cryptsetup luksClose volume-alias

# setup a key file to decrypt the volume
dd if=/dev/urandom of=/etc/volume-alias.key bs=1024 count=4
chown root /etc/volume-alias.key
chmod 600 /etc/volume-alias.key
cryptsetup luksAddKey /dev/xvdb1 /etc/volume-alias.key

# edit /etc/crypttab
volume-alias    /dev/xvdb1       /etc/volume-alias.key

# edit /etc/fstab
/dev/mapper/volume-alias      /mnt/encrypted  ext4    defaults,noatime,nofail,x-systemd.device-timeout=1,errors=remount-ro,barrier=0 0 1
	# replace volume-alias with your preferred alias and /mnt/encrypted with your preferred mount point

	fdisk /dev/xvdb
	cryptsetup luksFormat /dev/xvdb1
	cryptsetup luksOpen /dev/xvdb1 volume-alias
	mkfs.ext4 /dev/mapper/volume-alias
	mkdir /mnt/encrypted
	mount /dev/mapper/volume-alias /mnt/encrypted
	umount /dev/mapper/volume-alias
	cryptsetup luksClose volume-alias

	# setup a key file to decrypt the volume
	dd if=/dev/urandom of=/etc/volume-alias.key bs=1024 count=4
	chown root /etc/volume-alias.key
	chmod 600 /etc/volume-alias.key
	cryptsetup luksAddKey /dev/xvdb1 /etc/volume-alias.key

	# edit /etc/crypttab
	volume-alias /dev/xvdb1 /etc/volume-alias.key

	# edit /etc/fstab
	/dev/mapper/volume-alias /mnt/encrypted ext4 defaults,noatime,nofail,x-systemd.device-timeout=1,errors=remount-ro,barrier=0 0 1