This project has moved. For the latest updates, please go here.

Veracrypt on Centos 7 web server

Topics: Technical Issues, Users Discussion
Mar 3 at 12:34 AM
Hi everyone,

I am considering Veracrypt for a data at rest encryption solution aimed at HIPAA compliance. We have a Centos 7 bare metal server running at Softlayer (IBM) which hosts an SAAS website.

I have seen that Vercrypt can be installed and used on Linux, also from just the command line. One of the steps in creating the encrypted containers involves creating a random seed by moving the mouse randomly in the UI version. Of course, our server doesn't have X installed or runs a GUI, so I assume that if I wanted to create an encrypted container, I would need to do so on another machine with a GUI and then copy the container file to the Centos 7 server, of course installing Veracrypt also on the server. Is this the only way to do this?

Also, the main need for encryption right now is to have data at rest encryption in the MySQL db. I assume that after creating the container I would assign the MySQL data directory and other working directories to be within the container. Does anyone have actual experience setting up such a system? If so, do you have caveats from your experience in doing this that you could share with me? Does the db take a significance performance hit by putting the MySQL data files and other working files in a VeraCrypt container? Sometimes certain queries require very large temp files behind the scene, and these can be very large. I assume I would want to make sure these files were also within the container.

Today, MySQL has its own table level encryption functionality. I wonder what advantages and disadvantages would occur in the use of VeraCrypt for data at rest encryption instead of the native MySQL functions?

Thanks much,

Michael