Encrypt external drive
We encrypt the external drive to stop anyone gaining physical access to our drive from being able to see all our media assets. If this is not a concern, you can skip this step. I would encourage you to listen to Darknet Dairies episode #163: Ola before choosing to do so.
We need to create a LUKS encrypted drive with an ext4 file system. On Linux, we can use the file manager GUI tools to create this encrypted drive.
If you prefer using the terminal or are using the Windows Subsystem for Linux (WSL2), continue reading the command line instructions below. If you are running from the Windows Subsystem for Linux (WSL2), there may be some preamble to get things started. You can read more about this here.
Caution
Securely store the encryption password. If you loose it you will loose access to all the files stored in this drive.
Command Line Encryption
- Identify the path to your drive, similar to
/dev/sdc.- You use
lsblkto list all the available drives and their path.
- You use
- Use
cryptsetupto encrypt the drivesudo cryptsetup luksFormat <drive path> --type luks2 --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random - Plug and decrypt the drive
sudo cryptsetup open <drive path> immich_drive - Create the file system
sudo mkfs.ext4 /dev/mapper/immich_drive
Command Line Decryption
- Plug in the drive and identify it’s path, similar to above.
- Decrypt the drive
sudo cryptsetup open <drive path> immich_drive - Mount the drive
sudo mount /dev/mapper/immich_drive /mnt/immich_drive