Hello.
My question is basically the title. Can a jellyfin installed with rootles docker access media that is stored on a encrypted hard drive?
I have almost zero docker experience since i just started using it and I just want to know if it’s possible.
Decryption is not related to root permission.
If the ENCRYPTED drive is mounted to the container, then the container can decrypt it.
If the DECRYPTED drive is mounted to the container, then the container never knows it was encrypted in the first place.
Second case is easier BTW. Just mount the drive on your host, type in the encryption password and you get a new, unencrypted drive. Specify this new drive in your docker compose/docker file.
Oh sorry seems i explained it poorly.
That encrypted drive drive is set to automount on boot since I added it to /etc/fstatb and /etc/crypttab.
This makes things easier. Thank you for clarifying.
But weakens your security posture. If you’re worried enough to encrypt the drive, you shouldn’t be auto mounting it.
This really depends on your threat model. If you are only concerned about the drive getting stolen, or wanting to keep the data on it private if you need to RMA the drive, mounting it automatically on boot with a key stored on the rootfs can be perfectly fine. If you are a journalist in a hostile country and protecting your sources from state level actors is a matter of life and death, then yeah, this would be woefully insufficient.
Yes. But the main ssd where the OS is installed is also encrypted with different password. So you must first unlock the ssd anyway to automount the hdd.