XCP-ng with encrypted VMs on boot

Hi all,

I am a big fan of encrypting everything and we are running all our VMs with full boot encryption. Every time we reboot a VM, we have to go to the Xen Orchestra console and then enter the boot password. This was OK before, but we are starting to test HA, where the VM automatically reboots on another host if the original host has an issue. The issue with that is that although the HA works, we are still having issues as the VM is not operational due to the password not being entered. After long enough, someone flags it and we fix it, but this is not a good solution.

I was wondering how other people managed to get around this problem?

You can have security or convenience but not both. There are ways to set up Linux with LUKS and have it pull from a key on boot, but that same key would have to be in each system and does not solve the scenario where someone takes the host, because the key would be in it.
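
An added example, not part of either post above: a small audit that reads a guest's `/etc/crypttab` and reports, per volume, whether it waits for a passphrase at the console (the HA problem in the question) or unlocks unattended from a key stored on the system (the trade-off in the reply). The sample entries, device names and key path are constructed; the `keyscript=` and `tpm2-device=` options are only flagged for separate review.

```python
"""Classify /etc/crypttab entries by how each LUKS volume is unlocked at boot."""
import sys

# Constructed sample in crypttab(5) layout: name, device, key file, options.
SAMPLE = """\
# <name>  <device>                                   <key file>           <options>
root      UUID=11111111-2222-3333-4444-555555555555  none                 luks
data      /dev/xvdb1                                 /etc/keys/data.key   luks,discard
swap      /dev/xvdc1                                 /dev/urandom         swap,cipher=aes-xts-plain64
"""

RANDOM_SOURCES = {"/dev/urandom", "/dev/random"}
# Options that hand unlocking to something other than a prompt or a plain file.
EXTERNAL_OPTS = ("keyscript=", "tpm2-device=")


def classify(line):
    """Return (name, mode, key_source) for one line, or None if blank/comment."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    if len(fields) < 2:
        raise ValueError(f"malformed crypttab line: {line!r}")
    name = fields[0]
    key = fields[2] if len(fields) > 2 else "none"   # key field is optional
    opts = fields[3].split(",") if len(fields) > 3 else []
    if any(o.startswith(EXTERNAL_OPTS) for o in opts):
        return name, "external", key
    if key in ("none", "-"):
        return name, "prompt", None
    if key in RANDOM_SOURCES:
        return name, "ephemeral", key
    return name, "keyfile", key


def audit(text):
    """Classify every non-comment entry in a crypttab file's text."""
    return [r for r in map(classify, text.splitlines()) if r is not None]


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    notes = {
        "prompt": "needs a passphrase typed at the console on every boot",
        "keyfile": "unlocks unattended; key is stored on the system",
        "ephemeral": "new random key each boot; contents do not survive a reboot",
        "external": "unlock delegated to a keyscript or TPM; review separately",
    }
    for name, mode, key in audit(text):
        print(f"{name:10} {mode:10} {notes[mode]}" + (f" ({key})" if key else ""))
```

Run it with no argument to see the constructed sample, or pass the path to a real crypttab file.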