Create encrypted file vault on Linux


This article describes how to create a secure vault in a single file under Linux. The vault is protected by the Linux Unified Key Setup (LUKS) disk encryption specification; in this case LUKS2 is used.

Creating password protected LUKS2 vault

Create 512 MB file for vault

dd if=/dev/urandom of=vault.img bs=1M count=512

Create empty volume inside vault file

cryptsetup --verify-passphrase luksFormat --type luks2 vault.img

Open vault and make sure that it was successfully opened (file myvault should be present in /dev/mapper)

sudo cryptsetup open --type luks2 vault.img myvault
ls /dev/mapper

Create a filesystem

sudo mkfs.ext4 -L myvault /dev/mapper/myvault

Close vault if you don't need it right now

sudo cryptsetup close myvault

Creating vault mount point

Create a mount point for your vault. You can place it anywhere and give it any name. You can even skip this step if you want to use /mnt.

mkdir ~/myvault

Using vault

Open up and mount vault

sudo cryptsetup open --type luks2 vault.img myvault
sudo mount /dev/mapper/myvault ~/myvault

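Do your secret stuff :) The root directory of the new filesystem is owned by root, so writing to it needs sudo until you change its ownership.

sudo touch ~/myvault/my-super-secret-file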

Unmount and close vault

sudo umount ~/myvault
sudo cryptsetup close myvault
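
The open/mount and unmount/close steps above can be wrapped in two shell functions that refuse to run on a file without a LUKS2 header and do not leave the decrypted mapping open after a failed mount. This is an added example, not part of the original article; the function names and the VAULT_* variables are assumptions, with defaults taken from the commands above.

```sh
#!/bin/sh
# Added example (not from the original article): guarded open/close helpers.
# Defaults mirror the article's file, mapping name and mount point.
VAULT_IMG=${VAULT_IMG:-vault.img}
VAULT_NAME=${VAULT_NAME:-myvault}
VAULT_MNT=${VAULT_MNT:-$HOME/myvault}

# is_luks2 FILE: succeed only if FILE starts with the LUKS magic
# ("LUKS" 0xBA 0xBE) followed by the big-endian header version 0x0002.
# Needs no root; the rest of vault.img is random data from dd.
is_luks2() {
    [ -f "$1" ] || return 1
    hdr=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
    [ "$hdr" = "4c554b53babe0002" ]
}

# vault_open: the article's "open up and mount" step with checks.
vault_open() {
    if ! is_luks2 "$VAULT_IMG"; then
        echo "$VAULT_IMG: no LUKS2 header, refusing to open" >&2
        return 1
    fi
    if [ -e "/dev/mapper/$VAULT_NAME" ]; then
        echo "/dev/mapper/$VAULT_NAME already exists" >&2
        return 1
    fi
    sudo cryptsetup open --type luks2 "$VAULT_IMG" "$VAULT_NAME" || return 1
    if ! sudo mount "/dev/mapper/$VAULT_NAME" "$VAULT_MNT"; then
        # Mount failed: close the mapping so the plaintext block
        # device does not stay available under /dev/mapper.
        sudo cryptsetup close "$VAULT_NAME"
        return 1
    fi
}

# vault_close: unmount first; only close the mapping if that worked.
vault_close() {
    if ! sudo umount "$VAULT_MNT"; then
        echo "$VAULT_MNT is busy; vault is still open" >&2
        return 1
    fi
    sudo cryptsetup close "$VAULT_NAME"
}
```

Source the file and call vault_open and vault_close in place of the two command pairs above.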