How to Safely remove a Luks encrypted disk from Linux

Introduction

In this guide, we are about to see how to safely remove a Luks encrypted disk from Red Hat Enterprise Linux 6, 7 and variant Linux distributions. The steps are just reverse to the creation order.
Before starting with removing anything first priority we need to back-up every content from encrypted partition to any other location/File System.

Listing Luks encrypted disk

Here I’m listing my current file system which created using the encrypted disk.

# df -h /myfiles/

Sample output:

[root@rhel7 ~]# df -h /myfiles/
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/myfiles 990M 1.3M 938M 1% /myfiles

Cleaning up Persistent entries

Before starting with removing we need to unmount the file system, and remove the entry from crypttab and fstab for all luks encrypted disks .

# umount /myfiles/
# vi /etc/crypttab
# vi /etc/fstab

Remove the Luks Key from partition or Disk.

Once done with removing entries remove the added key using “luksRemoveKey“.

# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles

Type the encryption password to remove the LUKS key from the disk.

[root@rhel7 ~]# cryptsetup luksRemoveKey /dev/mapper/vg_rhel7-myfiles 
Enter LUKS passphrase to be deleted: 
[root@rhel7 ~]#

Remove the Crypt password stored in a file.

Remove or move the key file used for luks encrypted disk

# rm -rfv /etc/crypt_password

Sample output

[root@rhel7 ~]# rm -rfv /etc/crypt_password
removed `/etc/crypt_password'
[root@rhel7 ~]#

Close the Luks Device:

Close the LUKS device.

# cryptsetup luksClose myfiles

Once we close the device it will disappear from the dm device list.

Before close

[root@rhel7 ~]# ls -lthr /dev/mapper/
total 0
crw-rw----. 1 root root 10, 58 Feb 8 02:17 control
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol02 -> ../dm-1
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-myfiles -> ../dm-7
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 myfiles -> ../dm-8
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol00 -> ../dm-0
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol01 -> ../dm-5
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol06 -> ../dm-4
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol03 -> ../dm-6
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol04 -> ../dm-3
lrwxrwxrwx. 1 root root 7 Feb 8 02:17 vg_rhel7-LogVol05 -> ../dm-2

After Close

[root@rhel7 ~]# ls -lthr /dev/mapper/
total 0
crw-rw----. 1 root root 10, 58 Feb 8 02:20 control
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol02 -> ../dm-1
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol00 -> ../dm-0
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol01 -> ../dm-5
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol06 -> ../dm-4
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol03 -> ../dm-6
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol04 -> ../dm-3
lrwxrwxrwx. 1 root root 7 Feb 8 02:20 vg_rhel7-LogVol05 -> ../dm-2
lrwxrwxrwx. 1 root root 7 Feb 8 02:25 vg_rhel7-myfiles -> ../dm-7
[root@rhel7 ~]#

Remove the Logical volume used as the encrypted disk.

Remove the LVM used for the encrypted file system.

# lvremove /dev/mapper/vg_rhel7-myfiles

Sample Output

[root@rhel7 ~]# lvremove /dev/mapper/vg_rhel7-myfiles 
Do you really want to remove active logical volume myfiles? [y/n]: y
 Logical volume "myfiles" successfully removed
[root@rhel7 ~]#

That’s it we have done with removing the luks encrypted disk and file system.

Conclusion:

Without distracting any other disk we have safely removed the encrypted disks in Red Hat Enterprise and variant Linux. Have any query? Provide your feedback in below comment section.

Exit mobile version