I found a good script and modified it a bit. It lets you run:
sudo ./securevolume.sh create
Set the volume password and save it somewhere safe; you'll need it when opening (mounting) the volume.
sudo ./securevolume.sh open
Enter the password when prompted.
sudo ./securevolume.sh close
#!/usr/bin/env bash
# loop device the container file gets attached to
loopdevice='/dev/loop0'
# container file that holds the encrypted volume
loopfile='/home/auth/keycloak/mysqlcrypt.loop'
# size of the container file, in megabytes
loopsize='2048'
# name of the decrypted device, visible as /dev/mapper/<name> while open
cryptmapper='mysqlvolume'
# filesystem created inside the volume (used as mkfs.<name>)
makefilesystem='ext4'
# where the decrypted device is mounted
mountpoint='/home/auth/keycloak/mysqlsecure'
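# Creates a new container file, formats it as a LUKS volume and puts a
# filesystem inside it.
# Globals:  loopfile, loopsize, loopdevice, cryptmapper, makefilesystem (read)
# Returns:  0 on success, non-zero as soon as a step fails
create() {
  # Never overwrite an existing container: dd would destroy the volume in it.
  if [[ -e "$loopfile" ]]; then
    echo "refusing to overwrite existing $loopfile; remove it first to recreate the volume" >&2
    return 1
  fi

  echo "creating a file with size ${loopsize}M with random bits.. this could take a while.."
  # The subshell keeps the umask change local. The container (LUKS header
  # included) ends up readable by root only.
  ( umask 077 && dd if=/dev/urandom of="$loopfile" bs=1M count="$loopsize" ) || return

  # If the loop device cannot be attached to our file, stop here: formatting
  # it anyway would hit whatever else is currently attached to it.
  losetup "$loopdevice" "$loopfile" || return

  local status=0
  if cryptsetup luksFormat -y "$loopdevice" \
    && cryptsetup open "$loopdevice" "$cryptmapper"; then
    mkfs."$makefilesystem" "/dev/mapper/$cryptmapper" || status=$?
    # Always lock the volume again, even when mkfs failed.
    cryptsetup close "$cryptmapper" || status=$?
  else
    status=$?
  fi

  # Detach on every path so a failed run does not leave the loop device busy.
  losetup -d "$loopdevice" || status=$?
  # Show the loop devices that are still attached, as a visual check.
  losetup -a
  return "$status"
}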
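# Attaches the container file, unlocks it (cryptsetup asks for the password)
# and mounts the decrypted device.
# Globals:  loopfile, loopdevice, cryptmapper, mountpoint (read)
# Returns:  0 when the volume is mounted, non-zero otherwise
open() {
  # Check the cheap preconditions before touching the loop device.
  if [[ ! -f "$loopfile" ]]; then
    echo "container file $loopfile not found; run create first" >&2
    return 1
  fi
  if [[ ! -d "$mountpoint" ]]; then
    echo "mountpoint $mountpoint is not a directory" >&2
    return 1
  fi

  losetup "$loopdevice" "$loopfile" || return

  # Wrong password or other unlock failure: detach again so the next attempt
  # starts from a clean state.
  if ! cryptsetup open "$loopdevice" "$cryptmapper"; then
    losetup -d "$loopdevice"
    return 1
  fi

  # Do not leave the volume unlocked when it could not be mounted.
  if ! mount "/dev/mapper/$cryptmapper" "$mountpoint"; then
    cryptsetup close "$cryptmapper"
    losetup -d "$loopdevice"
    return 1
  fi
}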
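# Unmounts the volume, locks it again and detaches the loop device.
# Globals:  mountpoint, cryptmapper, loopdevice (read)
# Returns:  0 only when all three steps succeeded
close() {
  # Stop at the first failure. Otherwise the exit status of the last command
  # could report success while the decrypted volume is still reachable.
  if ! umount "$mountpoint"; then
    echo "could not unmount $mountpoint; the volume is still open" >&2
    return 1
  fi
  if ! cryptsetup close "$cryptmapper"; then
    echo "could not close /dev/mapper/$cryptmapper; the decrypted device is still available" >&2
    return 1
  fi
  losetup -d "$loopdevice"
}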
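# losetup, cryptsetup and mount all need root.
if (( EUID != 0 )); then
  echo "This script must be run as root" >&2
  exit 1
fi

# Print the effective configuration before doing anything.
echo "loopdevice $loopdevice"
echo "loopfile $loopfile"
echo "loopsize $loopsize"
echo "cryptmapper $cryptmapper"
echo "filesystem $makefilesystem"
echo "mountpoint $mountpoint"
echo "command ${1:-}"

# Dispatch only the three known sub-commands. Executing the raw argument
# would run any command as root, which matters when sudo access is granted
# for this script alone.
case "${1:-}" in
  create | open | close)
    "$1"
    ;;
  *)
    echo "usage: $0 {create|open|close}" >&2
    exit 2
    ;;
esac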