data at rest best way to encrypt, 2fa on console cli


Renowned Member
Nov 13, 2012

i know we can secure gui, ssh with 2fa but is it possible to 2fa console login?

also with many companies requiring encryption for data at rest how are you encrypting data?

easiest is to do it at the storage level but that requires manual interaction with with every reboot unless you secure console with 2fa (in case os disk and data disk). os protected with 2fa has key stored to unlock vm volume.
what are other creative ways of securing data at rest with no manual intervention?
- encryption within vm
- os drive with key to unlock vm data drive (2fa console login possible?)
- network / ssh unlock but that requires manual intervention
- i think there are ways to luks os drive to auto unlock it at boot and unlock data as well
- can sed drives be used for zfs mirror boot? (perhaps easiest option?)
just trying to see what options are out there.
Last edited:


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!