[pacificenigma]

For years I've used https://github.com/anatol/booster to unlock LUKS partitions using network bound disk encryption with https://github.com/latchset/clevis and https://github.com/latchset/tang. Works well, especially as Tang is stateless (so deployment and high availability is easy) and Booster falls back to password entry if Tang is unavailable.

[aflukasz]

Thumbs up for clevis/tang, happy user here, too!

Did not hear about booster. Its README claims "Clevis style data binding. The encrypted filesystem can be bound to TPM2 chip or to a network service.". Does it mean that it tries to deliver various bindings independently from clevis pins, even when duplicating their functions?