How to non-interactively supply a passphrase to 'dmcrypt luksFormat'?

Hongli Lai asked:

I’m writing a script which automatically sets up testing environment virtual machines. This script should automatically format a dmcrypt+LUKS partition for me, with a certain passphrase. Because this is a local testing environment I don’t care about the security of the passphrase, I just want the entire VM setup process to be automated and non-interactive.

How can I non-interactively supply a passphrase to ‘dmcrypt luksFormat’? I want to use passphrases, not keys, because in production we use passphrases for LUKS as well.

My answer:

The first thing to do is to call the right command: it’s cryptsetup, not dmcrypt.

cryptsetup luksFormat /dev/vda2

The second thing is that you can pass another argument to read the passphrase from a file, or from standard input (using -).

echo -n "This isn't a very secure passphrase." | cryptsetup luksFormat /dev/vda2 -

Note that the -n flag is necessary in echo to prevent a line feed from being appended to the password.

See the cryptsetup man page for other ways to pass the key material in.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.