In this guide, we are about to see how to safely remove a Luks encrypted disk from RedHat Enterprise Linux 6, 7 and variant Linux distributions. The steps are just reverse to the creation order.
Before starting with removing anything first priority we need to back-up every content from encrypted partition to any other location/File System.

Step 1: Listing the encrypted disk:

Here I’m listing my current filesystem which created using the encrypted disk.

# df -h /myfiles/

 

Sample output:

[root@rhel7 ~]# df -h /myfiles/
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/myfiles 990M 1.3M 938M 1% /myfiles




Step 2: Unmounting the filesystem and clear the FSTAB and CRYPTTAB entry:

Before starting with removing we need to unmount the file system, and remove the entry from crypttab and fstab.

# umount /myfiles/
# vi /etc/crypttab
# vi /etc/fstab

 

Step 3: Remove the Luks Key from partition or Disk.

Once done with removing entries remove the added key using “luksRemoveKey“.

# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles

 

Type the encryption password to remove the LUKS key from the disk.

[root@rhel7 ~]# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles 
Enter LUKS passphrase to be deleted: 
[root@rhel7 ~]#

 

Step 4: Remove the Crypt password stored in a file.

Remove or move the key file.

# rm -rfv /etc/crypt_password

 

Sample output:

[root@rhel7 ~]# rm -rfv /etc/crypt_password
removed `/etc/crypt_password'
[root@rhel7 ~]#

 

Step 5: Close the Luks Device:

Close the LUKS device.

# cryptsetup luksClose myfiles

Once we close the device it will disappear from the dm device list.

Before close:

[root@rhel7 ~]# ls -lthr /dev/mapper/
total 0
crw-rw----. 1 root root 10, 58 Feb 8 02:17 control
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol02 -> ../dm-1
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-myfiles -> ../dm-7
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 myfiles -> ../dm-8
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol00 -> ../dm-0
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol01 -> ../dm-5
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol06 -> ../dm-4
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol03 -> ../dm-6
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol04 -> ../dm-3
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol05 -> ../dm-2

After Close:

[root@rhel7 ~]# ls -lthr /dev/mapper/
total 0
crw-rw----. 1 root root 10, 58 Feb 8 02:20 control
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol02 -> ../dm-1
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol00 -> ../dm-0
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol01 -> ../dm-5
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol06 -> ../dm-4
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol03 -> ../dm-6
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol04 -> ../dm-3
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol05 -> ../dm-2
lrwxrwxrwx. 1 root root 7 Feb 8 02:25 vg_rhel7-myfiles -> ../dm-7
[root@rhel7 ~]#

 

Step 6: Remove the Logical volume used as the encrypted disk.

Remove the LVM used for the encrypted file system.

# lvremove /dev/mapper/vg_rhel7-myfiles

Sample Output:

[root@rhel7 ~]# lvremove /dev/mapper/vg_rhel7-myfiles 
Do you really want to remove active logical volume myfiles? [y/n]: y
 Logical volume "myfiles" successfully removed
[root@rhel7 ~]#




That’s it we have done with removing the encrypted file system.

Conclusion:

Without distracting any other disk we have safely removed the encrypted disks in Red Hat Enterprise and variant Linux. Have any query? Provide your feedback in below comment section.

Babin Lonston
Overall 14+ Years of experience in IT field, 7+ years of experience in Linux administration with Virtualization & Cloud technologies. Love documentation and being Numismatics for a long time.

Creating Encrypted filesystem in RedHat Enterprise Linux 7 and Variants

Previous article

The solution for setfacl: “Operation not supported” in Linux Servers

Next article

You may also like

Comments

Leave a reply

Your email address will not be published.

More in Security