Docker Community Forums

Docker Data Volume Encryption (LVM, LUKS)


(Jfgineste) #1

Good morning,

I am trying to mount an encrypted volume inside a Docker container (the idea is to prevent an external user from reading the data by running something like “cat /var/lib/docker/…”).

I followed this tutorial (I only replaced “go get github.com/kalahari/docker-lvm-plugin” with “go get github.com/projectatomic/docker-lvm-plugin”).

An lsblk command shows that the pool concerned (docker-libraries_2) has been encrypted:

bash-4.2$ lsblk
NAME                                 MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                    8:0    0 465,8G  0 disk
├─sda1                                 8:1    0   512M  0 part  /boot
├─sda2                                 8:2    0   308G  0 part
│ ├─centos-root                      253:0    0   200G  0 lvm   /
│ ├─centos-swap                      253:1    0     8G  0 lvm   [SWAP]
│ └─centos-home                      253:5    0   100G  0 lvm   /home
├─sda3                                 8:3    0    73G  0 part
│ ├─docker-internal_tmeta            253:3    0    20M  0 lvm
│ │ └─docker-internal                253:6    0    20G  0 lvm
│ ├─docker-internal_tdata            253:4    0    20G  0 lvm
│ │ └─docker-internal                253:6    0    20G  0 lvm
│ ├─docker-volumes_tmeta             253:7    0    32M  0 lvm
│ │ └─docker-volumes-tpool           253:9    0    30G  0 lvm
│ │   ├─docker-volumes               253:10   0    30G  0 lvm
│ │   ├─docker-libraries_1           253:11   0   100M  0 lvm   /var/lib/docker-lvm-plugin/libraries_1
│ │   ├─docker-container_1_snapshot  253:13   0   100M  0 lvm
│ │   └─docker-libraries_2           253:14   0   100M  0 lvm
│ │     └─luks-libraries_2           253:15   0    98M  0 crypt /var/lib/docker-lvm-plugin/libraries_2
│ └─docker-volumes_tdata             253:8    0    30G  0 lvm
│   └─docker-volumes-tpool           253:9    0    30G  0 lvm
│     ├─docker-volumes               253:10   0    30G  0 lvm
│     ├─docker-libraries_1           253:11   0   100M  0 lvm   /var/lib/docker-lvm-plugin/libraries_1
│     ├─docker-container_1_snapshot  253:13   0   100M  0 lvm
│     └─docker-libraries_2           253:14   0   100M  0 lvm
│       └─luks-libraries_2           253:15   0    98M  0 crypt /var/lib/docker-lvm-plugin/libraries_2
└─sda4                                 8:4    0  84,3G  0 part

Nevertheless, I then ran a Docker container with the option “-v libraries_2:/mnt/libraries_2”, but the files I put in /mnt/libraries_2 are not encrypted…

Did I do something wrong? Or does Docker not effectively support these kinds of volumes?

Best regards
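
A check for the layout in the post above, added here as an example and not part of the original post or of docker-lvm-plugin. With dm-crypt, anything read through the opened mapping's mountpoint (including a container bind-mounting it) is decrypted transparently; ciphertext exists only on the underlying block device. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the layout shown in the
# post: the filesystem is mounted directly from the dm-crypt mapping.

# Constructed sample of `lsblk -P -o NAME,TYPE,MOUNTPOINT` for the post's
# volumes; rows repeat because lsblk lists thin-pool children once per parent.
SAMPLE='NAME="docker-libraries_1" TYPE="lvm" MOUNTPOINT="/var/lib/docker-lvm-plugin/libraries_1"
NAME="docker-libraries_2" TYPE="lvm" MOUNTPOINT=""
NAME="luks-libraries_2" TYPE="crypt" MOUNTPOINT="/var/lib/docker-lvm-plugin/libraries_2"
NAME="docker-libraries_1" TYPE="lvm" MOUNTPOINT="/var/lib/docker-lvm-plugin/libraries_1"
NAME="docker-libraries_2" TYPE="lvm" MOUNTPOINT=""
NAME="luks-libraries_2" TYPE="crypt" MOUNTPOINT="/var/lib/docker-lvm-plugin/libraries_2"
NAME="centos-home" TYPE="lvm" MOUNTPOINT="/home"'

# audit_volumes ROOT: read lsblk -P output on stdin and print one line per
# mountpoint under ROOT: "<encrypted|plaintext> <mountpoint> <device>".
audit_volumes() {
    awk -v root="$1" '
    {
        name = ""; type = ""; mnt = ""
        n = split($0, f, "\"")            # odd fields: KEY=, even fields: value
        for (i = 1; i < n; i += 2) {
            key = f[i]; gsub(/[ =]/, "", key)
            if (key == "NAME") name = f[i + 1]
            else if (key == "TYPE") type = f[i + 1]
            else if (key == "MOUNTPOINT") mnt = f[i + 1]
        }
        if (index(mnt, root "/") != 1) next   # not a volume under ROOT
        if (seen[mnt]++) next                 # duplicate row
        state = (type == "crypt") ? "encrypted" : "plaintext"
        print state, mnt, name
    }'
}

# has_luks_magic PATH: true if PATH (block device or image file) starts with
# the LUKS header magic "LUKS" 0xBA 0xBE. Reading a real device needs root.
has_luks_magic() {
    magic=$(dd if="$1" bs=6 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

# Demo on the constructed sample. On a live host, replace the printf with:
#   lsblk -P -o NAME,TYPE,MOUNTPOINT
printf '%s\n' "$SAMPLE" | audit_volumes /var/lib/docker-lvm-plugin
```

Here "encrypted" means encrypted at rest on the backing device; `has_luks_magic` is meant for the logical volume underneath the mapping, not for the mounted directory.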