Creating and Mounting an Encrypted Filesystem

Libraries: If you want this lab, consider one of these libraries.
Cloud

Creating and Mounting an Encrypted Filesystem

Understanding the steps needed to create and mount an encrypted filesystem is valuable, in order to keep data secure. In this hands-on lab, we will work with filesystem utilities to create a partition, encrypt it, and format it to make it available for mounting as an encrypted filesystem. At the conclusion, we will verify that the encrypted filesystem is ready for daily use by decrypting it, mounting it, using it, unmounting it, and then encrypting it again.

Get started Contact sales

Lab Info

Level

Intermediate

Last updated

Sep 13, 2025

Duration

30m

Challenge

Install cryptsetup Software Package
Use yum to install the cryptsetup package:
```
sudo -i
yum -y install cryptsetup
```

Challenge

Create a Partition Using All Space on the /dev/xvdg Device

Use fdisk to create a new default partition:

fdisk /dev/nvme1n1

Press n and use all the defaults to create a new partition:

Command (m for help): n
Partition Type: p
Partition number (1-4, default 1): Press Enter to accept the default
First sector: Press Enter to accept the default
Last sector: Press Enter to accept the default

Press w to write the changes to the partition table and exit:

Command (m for help): w

Challenge

Use cryptsetup luksFormat to Format the Partition to be Encrypted
Format the /dev/nvme1n1p1 partition to be encrypted with the passphrase TALK3nkrpTED:
```
cryptsetup -y luksFormat /dev/nvme1n1p1
```
Challenge

Open the Encrypted Device, Create an ext4 Filesystem, Close the Encrypted Device, and then Create the /mnt/keys Directory
Use cryptsetup luksOpen to decrypt the device and view its symlink in the /dev/mapper directory with the ls command. Use mkfs to create an ext4 filesystem, and mkdir to create the /mnt/keys directory:
```
cryptsetup luksOpen /dev/nvme1n1p1 cryptvol
```
Use the passphrase TALK3nkrpTED:
```
ls -l /dev/mapper
mkfs -t ext4 /dev/mapper/cryptvol
cryptsetup luksClose cryptvol
mkdir /mnt/keys/
```
Challenge

Demonstrate the Daily Use of the Encrypted Partition by Opening, Mounting, Accessing, Unmounting, and Closing It
For daily use, run cryptsetup (using luksOpen) to decrypt the partition and luksClose to encrypt it. When the partition is decrypted, it can be mounted, and it should be unmounted before it is closed or encrypted. Use touch to create an /mnt/keys/access file, and ls to display it:
```
cryptsetup luksOpen /dev/nvme1n1p1 cryptvol
```
Use the passphrase TALK3nkrpTED, then:
```
mount /dev/mapper/cryptvol /mnt/keys
touch /mnt/keys/access
ls -l /mnt/keys/
umount /mnt/keys
cryptsetup luksClose cryptvol
```

About the author

Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.