CentOS 7: LUKS key on a USB drive
Plagiarized pretty much everything from this fantastic article:
 https://forums.centos.org/viewtopic.php?t=53452
fdisk /dev/sdc
mkfs.ext3 /dev/sdc
mkdir /boot/tmp
mount /dev/sdc1 /boot/tmp
cp mykeyfile /boot/tmp
grep linux16 /boot/grub2/grub.cfg
  luks-…
cryptsetup luksAddKey /dev/disk/by-uuid/0501aed9-6234-484a-9faf-3a6882be00c6 /boot/tmp/mykeyfile
cryptsetup luksAddKey /dev/disk/by-uuid/1584e28a-5842-48b7-42c2-158a215dc31e /boot/tmp/mykeyfile
vi /etc/dracut.conf.d/usb-decrypt.conf
 omit_dracutmodules+=”systemd”
 filesystems+=”ext3″
:wq!
dracut -fv
ls -l /dev/disk/by-uuid
vi /etc/default/grub
 GRUB_CMDLINE_LINUX   rd.luks.key=/mykeyfile:UUID=d6bad5c2-2616-49cc-bc8d-5cf1cdadff5d
grub2-mkconfig -o /boot/grub2/grub.cfg
vi /usr/local/sbin/unmountsdc.sh
 #!/bin/bash
 umount -lf /dev/sdc1
:wq!
chmod 755 /usr/local/sbin/unmountsdc.sh
vi /etc/systemd/system/unmountsdc.service
 [Unit]
 Description=Unmount sdc
 After=network.target
 [Service]
 Type=simple
 ExecStart=/usr/local/sbin/unmountsdc.sh
 TimeoutStartSec=0
 [Install]
 WantedBy=default.target
:wq!
systemctl daemon-reload
systemctl enable unmountsdc.service
reboot
Awesome post! Keep up the great work! 🙂