We have some customer requirements coming upon us that involve encrypting 'data at rest'. I'm beginning a datacenter update project to migrate servers up to Centos7 so now would be a good time to investigate or implement this. Doing full disk encryption seems to be easy enough these days, but typing in a complex passphrase over KVM isn't practical in our environment. Also concerned about the performance hit of the encryption on a loaded server. Just beginning this research, what are people doing in this scenario?
[link][29 comments]