Module luks

Structs

EncryptedVolume
Created + open + mounted handle to an encrypted volume. The mount_path is what the Docker backend bind-mounts at data_path inside the container. Drop semantics: do NOT do anything on drop — destruction is explicit via destroy_encrypted_volume, which the docker backend calls from delete_container. (Doing it on drop would risk double-destruction on retry paths.)

Functions

check_cryptsetup_available
Verify cryptsetup is on PATH. The provider should call this at startup if any template it serves has data_path: Some(_) and the operator has not opted out of consumer-encrypted volumes. Returns the version string so the operator can log what they got.
create_encrypted_volume
Create + format + open + mount a LUKS-encrypted volume for the given workload id. Returns the mount path the caller should bind into the container.
destroy_encrypted_volume
Tear down everything create_encrypted_volume set up. Idempotent — never errors on “already gone”. Order matters: