How to Safely remove a Luks encrypted disk from RedHat 6, 7 Linux and variants

In this guide, we are about to see how to safely remove a Luks encrypted disk from RedHat Enterprise Linux 6, 7 and variant Linux distributions. The steps are just reverse to the creation order.
Before starting with removing anything first priority we need to back-up every content from encrypted partition to any other location/File System.

Step 1: Listing the encrypted disk:

Here I’m listing my current filesystem which created using the encrypted disk.

# df -h /myfiles/

Sample output:

[root@rhel7 ~]# df -h /myfiles/
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/myfiles 990M 1.3M 938M 1% /myfiles

Step 2: Unmounting the filesystem and clear the FSTAB and CRYPTTAB entry:

Before starting with removing we need to unmount the file system, and remove the entry from crypttab and fstab.

# umount /myfiles/
# vi /etc/crypttab
# vi /etc/fstab

Step 3: Remove the Luks Key from partition or Disk.

Once done with removing entries remove the added key using “luksRemoveKey“.

# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles

Type the encryption password to remove the LUKS key from the disk.

[root@rhel7 ~]# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles 
Enter LUKS passphrase to be deleted: 
[root@rhel7 ~]#

Step 4: Remove the Crypt password stored in a file.

Remove or move the key file.

# rm -rfv /etc/crypt_password

Sample output:

[root@rhel7 ~]# rm -rfv /etc/crypt_password
removed `/etc/crypt_password'
[root@rhel7 ~]#

Step 5: Close the Luks Device:

Close the LUKS device.

# cryptsetup luksClose myfiles

Once we close the device it will disappear from the dm device list.

Before close:

[root@rhel7 ~]# ls -lthr /dev/mapper/
total 0
crw-rw----. 1 root root 10, 58 Feb 8 02:17 control
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol02 -> ../dm-1
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-myfiles -> ../dm-7
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 myfiles -> ../dm-8
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol00 -> ../dm-0
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol01 -> ../dm-5
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol06 -> ../dm-4
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol03 -> ../dm-6
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol04 -> ../dm-3
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol05 -> ../dm-2

After Close:

[root@rhel7 ~]# ls -lthr /dev/mapper/
total 0
crw-rw----. 1 root root 10, 58 Feb 8 02:20 control
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol02 -> ../dm-1
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol00 -> ../dm-0
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol01 -> ../dm-5
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol06 -> ../dm-4
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol03 -> ../dm-6
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol04 -> ../dm-3
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol05 -> ../dm-2
lrwxrwxrwx. 1 root root 7 Feb 8 02:25 vg_rhel7-myfiles -> ../dm-7
[root@rhel7 ~]#

Step 6: Remove the Logical volume used as the encrypted disk.

Remove the LVM used for the encrypted file system.

# lvremove /dev/mapper/vg_rhel7-myfiles

Sample Output:

[root@rhel7 ~]# lvremove /dev/mapper/vg_rhel7-myfiles 
Do you really want to remove active logical volume myfiles? [y/n]: y
 Logical volume "myfiles" successfully removed
[root@rhel7 ~]#

That’s it we have done with removing the encrypted file system.

Conclusion:

Without distracting any other disk we have safely removed the encrypted disks in Red Hat Enterprise and variant Linux. Have any query? Provide your feedback in below comment section.