3 Perform Automated Encryption and Decryption With Clevis

Clevis is client software that can perform automated decryption by using different plugin provider services. Clevis works with the Tang server provider and can handle encryption and decryption operations securely while avoiding key escrow.

You can use Clevis with LUKS to automatically unlock encrypted storage. Tools are also provided to integrate with Dracut so that you can update the initrd boot image to enable Clevis to be used at boot to automatically decrypt a device, if the system has access to the Tang server.