I have an external drive with a LUKS-encrypted partition. As the device is an external USB device and I don't always need it, I only want to decrypt and automount on demand. I can easily automount the fileystem on the decrypted partition with
/etc/fstab. However, I cannot decrypt the partition on demand. I've tried two different approaches:
I added the line
mnt-usb-crypt UUID=<UUID> /path/to/keyfile luks
/etc/crypttab. However, now the partition is always decrypted, even if I don't specify a mountpoint in
/etc/crypttaband added the
mnt-usb-crypt UUID=<UUID> /path/to/keyfile luks,noauto
Now, there is no systemd device at all, the expected
dev-mapper-mnt-usb.devicedoes not exist.
According to the manpage of
crypttab, there is no option like
x-systemd.automount for crypt devices.
Is there a possibility to configure systemd to decrypt the device only if it is accessed?