I use openhab also in my factory to manage, in this momement, the ground floor.
I would prevent that the employee can clone the microsd of my raspberry and it can read all my personal data in configuration file.
It is possible to encrypt the configuration file?
I have never tried such a solution…
You could try to use eCryptfs: https://www.howtoforge.com/tutorial/how-to-encrypt-directories-and-partitions-with-ecryptfs-on-debian/
and encrypt the /etc/openhab(2?) directory (with all the files included there)… it should work…
let us know if it works after you try it (always use a backup when trying out these things)
I can recommend VeraCrypt (based on old truecrypt).
You can then mount encrypted volumes where-ever you want to.
Veracrypt has very good Linux support and is also compatible with old true-crypt.
I do this. I have a bash script that is executed when I login, if the veracrypt volumes are not mounted, the will be mounted and I will be asked to provide password.
Thanks Seaside for the suggestion. I need more information.
Do you use veracrypt with a folder or with all volumes?
I do both. That is I have big files, lets say one is 50 GB, residing on a not encrypted partition. I then mount it as a drive in some folder. The file will remain at 50 GB no matter how much I store on the mounted drive.
I also have entire partitions encrypted. I don’t encrypt the root partition, it can be done but is a bit tricky.
Typically it looks like this for partitions:
# Read Password echo -n EncyptedVols Password: read -s PASSWORD echo # Run Command echo -n PIM: read -s PIM veracrypt /dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-XXXXXXXXX-part3 /some/folder --password=$PASSWORD --non-interactive --pim=$PIM