Remote unlocking encrypted VM in xcp-NG


I have a small xcp-NG lab of 3 hosts in a HA cluster.
All the VMs in the cluster are encrypted for security. I was testing HA today and realised that my HA is not really working as I still have to manually enter the password at the console to unlock the VM.
Even with monitoring in place, It can take little while for someone to realised that the VM is down and need a password.

The VM having the issue are all debian9 so far.
Is there a way/tool to automate this process somehow? or is this the price to pay for security?

Thank you

There are ways you can create a key server that the system reaches out to locally to unlock the server. I have never set on up, I just know it’s possible.

Just curious what your encryption scheme is, and how your computers are setup. Is root encrypted or just data partitions? What algorithm and file systems are you using?


We use debian OS, When we install the os, we set it to full disk encryption.

Hope this help.

We also base our servers on Debian with full disk encryption