I've been through this site for a number of LUKS related questions. I've seen methods for storing the LUKS key in plaintext on the root filesystem or on a USB key.
My question is: Is there a way with dracut to mount a non-root nfs share and read a luks key stored there? I have an environment full of RHEL7.x virtual machines that have their rootfs LUKS encrypted. I went with the method of storing the key locally to decrypt them, but I'd like to put the key on an nfs mount instead. That way if the nfs server is down, you're queried for the password, and if the image is stolen, it's still effectively protected.
Anyone ever try this?
