The Dradis VM is shipped with full disk encryption. However, the OVAs we provide are identical for all our users, meaning that the volume key is the same for all Dradis VMs out of the box. Therefore, if your Dradis instance is being deployed on a network that could theoretically be reached or accessed by people outside of your team and who might have a copy of the default Dradis OVA volume key, we recommend that you re-encrypt your Dradis appliance after deployment to generate a new, unique, volume key.
Your Dradis re-encryption can be customised to your tastes using this guide.
Before making these changes, be sure to take a snapshot and a backup of your Dradis instance.
The most straightforward approach is to access Dradis as root
and:
# cryptsetup reencrypt /dev/sda5
With that command you should be prompted to enter your volume's passphrase, and re-encryption should start, generating a new volume key.
Once the process completes, reboot your instance with:
# reboot
That should do it!
While you're at it, you may also want to change your LUKs-encrypted drive's passphrase.
Next help article: Change your LUKs-encrypted drive's passphrase →
Your email is kept private. We don't do the spam thing.