This is an alternative to manually typing your password to decrypt your home server disks.

The idea is that you have a Tang server somewhere on your local network. When your server boots up, it needs to communicate with the Tang server to unlock the disk. Tang doesn’t store the key and is stateless, but the client requires Tang’s cooperation to compute the key.

For me, I’m thinking about someone breaking into my house and stealing my computer. Currently, I have LUKS read a keyfile from a USB drive… but I almost always leave it plugged in… so a thief would probably accidentally steal that too.

With this setup, I’m thinking maybe I could set up a Pi on the opposite side of my house, ideally hidden. And then if my home server gets stolen, LUKS wouldn’t be able to reach my Tang server, and therefore couldn’t unlock anything.
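To make the "Tang doesn't store the key, but the client still needs Tang's cooperation" point concrete, here is an added example (my own illustration, not code from the post or from the Tang/Clevis projects) of the McCallum-Relyea exchange that Tang implements. The server holds one long-term EC private key s; at bind time the client picks a random c, derives the LUKS key from c·S, stores only C = c·G in the LUKS header and throws c away; at boot it asks the server to multiply a blinded point and unblinds the answer. For brevity this uses secp256k1 in pure Python and plain function calls, whereas Tang uses NIST curves via jose and runs the exchange over HTTP (key advertisement, then a recovery POST); the class and function names are invented for the example.

```python
"""Toy McCallum-Relyea exchange as used by Tang/Clevis (illustration only)."""
import hashlib
import secrets

# secp256k1 parameters (assumption for brevity; Tang itself uses NIST curves)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ec_neg(point):
    return (point[0], (-point[1]) % P)


def derive_key(point):
    """Turn the shared point into a symmetric key (the LUKS passphrase material)."""
    return hashlib.sha256(point[0].to_bytes(32, "big")).digest()


class TangServer:
    """Hypothetical server: one long-term key, no per-client state at all."""

    def __init__(self):
        self.s = secrets.randbelow(N - 1) + 1
        self.S = ec_mul(self.s, G)  # advertised to clients

    def recover(self, X):
        # The server multiplies whatever blinded point it is handed.
        return ec_mul(self.s, X)


def provision(S):
    """Bind time: derive the disk key from c*S, keep only C = c*G, discard c."""
    c = secrets.randbelow(N - 1) + 1
    C = ec_mul(c, G)
    key = derive_key(ec_mul(c, S))
    return C, key  # C goes into the LUKS header metadata; key wraps the volume key


def blind(C):
    """Boot time, step 1: fresh random e so the server only ever sees X = C + e*G."""
    e = secrets.randbelow(N - 1) + 1
    return ec_add(C, ec_mul(e, G)), e


def recover(server, S, C):
    """Boot time, steps 2-3: Y = s*X = s*C + s*E; subtract e*S (= s*E) to get s*C = c*S."""
    X, e = blind(C)
    Y = server.recover(X)
    return derive_key(ec_add(Y, ec_neg(ec_mul(e, S))))


def demo():
    server = TangServer()
    C, key = provision(server.S)
    same = recover(server, server.S, C) == key
    # A different (or unreachable) Tang gives a different key: the stolen box stays locked.
    other = TangServer()
    return same and recover(other, other.S, C) != key
```

Two things worth noticing when you run it: the server stores nothing and receives a freshly blinded X every time, so it cannot tell which client (or which disk) is asking, and without the server's s there is nothing on the stolen machine that yields c·S from C alone, which is exactly the property the hidden Pi is meant to provide.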

  • bdonvr@thelemmy.club · 2 upvotes · 10 hours ago

    I just have a KVM that I can unlock LUKS with remotely.

    I can access it remotely as my router has a built-in WireGuard server, so I connect to that and I’m basically on the LAN.

      • 0x0@infosec.pub · 2 upvotes · 6 hours ago

        Keyboard, video, mouse

        It’s just another computer, remotely accessible, that is connected to those ports on whatever you want to monitor. For example, it can be used to enter the BIOS on remote devices.