safeguard-bash
One Identity Safeguard Bash and cURL scripting resources (by OneIdentity)
zfsUnlocker
A modular zfs unlocker hook for mkinitcpio on Archlinux. (by ipaqmaster)
safeguard-bash | zfsUnlocker | |
---|---|---|
1 | 2 | |
7 | 20 | |
- | - | |
2.4 | 7.6 | |
6 months ago | 9 days ago | |
Shell | Shell | |
Apache License 2.0 | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
safeguard-bash
Posts with mentions or reviews of safeguard-bash.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-09-06.
-
Ansible and SafeGuard
I took a look at this link: https://github.com/OneIdentity/safeguard-bash but it seems very complicated to me to integrate it.
zfsUnlocker
Posts with mentions or reviews of zfsUnlocker.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-29.
-
How do I configure the refind.conf and refind_linux.conf (and or config.yaml (for ZFSBootMenu)) files properly when installing Arch Linux with ZFS Native Encryption?
Personally I hate keyfiles and any form of zfs unlocking automation which stores things locally (I suppose TPM cryptography is a good exception). While I use a traditional EFI /boot with systemd-boot (bootctl) I made this initramfs hook so that my machines can dynamically unlock themselves from my vault cluster with a revokable token. Not quite the same approach and if there's no networking a machine could get caught dead in the water for booting back to a password prompt, but it's good enough right now that I use it on everything.
-
What would be the best way to set up an encrypted dataset that uses a keyfile and that automatically will lock/unlock itself depending on if the keyfile is available?
This is my Vault solution for an mkinitcpio-powered initramfs. I use it on my router as well which is a zfs root Arch install handling a good 20 static routes with a stateful firewall.
What are some alternatives?
When comparing safeguard-bash and zfsUnlocker you can also consider the following projects:
ansible-authentication-services - Ansible automation for Authentication Services
yubikey-full-disk-encryption - Use YubiKey to unlock a LUKS partition
ramroot - Load root file system to ram during boot.
efifs - EFI FileSystem drivers
Archboot - Archboot is a most advanced, modular Arch Linux boot/install image creation utility to generate bootable media for CD/USB/PXE, designed for installation or rescue operation.
zfsbootmenu - ZFS Bootloader for root-on-ZFS systems with support for snapshots and native full disk encryption
usb-samplerate-unlocker - USB (HAL) Audio Class drivers on Android have a limiter of sample rates at 96kHz. This magisk module unlocks the limiter.