I'd like to create a secure VM whose virtual hard drive is encrypted and requires a password when I run vagrant ssh. What's the best way to go about this?
Answers to your questions
I'd like to create a secure VM whose virtual hard drive is encrypted and requires a password when I run vagrant ssh. What's the best way to go about this?
Vagrant requires SSH for a lot of its provisioning and post-provisioning tasks. The safest approach would be to use a custom public key with an encrypted private key. Use ssh-agent to decrypt the key before use.
You have two options for SSH keys and an encrypted volume:
1. Build a custom box pre-configured with an encrypted drive and secure SSH key.
2. Build a minimal box. Create your encrypted volume and ssh keys using post-provisioning scripts.
Option 1 would be faster to bring up each time, but would be more complex to build, and would have a global encrypted disk and SSH key.
Option 2 would be somewhat more secure. You’d have to design your post-provisioning keys separately.
Beyond that though, I don’t see a good use case for what you’re asking. Vagrant is not a tool for building public or production machines; it’s a tool for developing and testing code. Security shouldn’t be a high priority for that use case.
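An added example, not part of the original answer: a pre-flight check, usable from a Vagrantfile, that the custom private key really is passphrase-protected before Vagrant is pointed at it. The helper names and the key path ~/.ssh/vagrant_custom are hypothetical, and the box is assumed to already carry the matching public key (option 1 above).

```ruby
# Added example: pre-flight check that an SSH private key is passphrase-protected.
# Helper names and the key path are hypothetical, not part of Vagrant.
OPENSSH_MAGIC = "openssh-key-v1\0".b

# Read the cipher name from an OpenSSH-format key: magic, then a
# length-prefixed cipher string ("none" means the key is stored in the clear).
def openssh_cipher(text)
  body = text.lines.map(&:strip).reject { |l| l.empty? || l.start_with?("-----") }.join
  blob = body.unpack1("m") # base64 decode
  raise ArgumentError, "bad OpenSSH key magic" unless blob.start_with?(OPENSSH_MAGIC)
  len = blob.byteslice(OPENSSH_MAGIC.bytesize, 4)
  raise ArgumentError, "truncated key" unless len && len.bytesize == 4
  blob.byteslice(OPENSSH_MAGIC.bytesize + 4, len.unpack1("N")).to_s
end

# true if the key needs a passphrase, false if not; raises on unknown input.
def key_encrypted?(text)
  case text
  when /-----BEGIN ENCRYPTED PRIVATE KEY-----/ # encrypted PKCS#8
    true
  when /-----BEGIN OPENSSH PRIVATE KEY-----/
    openssh_cipher(text) != "none"
  when /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/
    text.match?(/^Proc-Type: 4,ENCRYPTED/) # legacy PEM encryption header
  else
    raise ArgumentError, "not a recognised private key"
  end
end

# Constructed header-only sample (not a usable key) for trying the check offline.
def sample_openssh_key(cipher, kdf)
  blob = OPENSSH_MAGIC + [cipher.bytesize].pack("N") + cipher.b +
         [kdf.bytesize].pack("N") + kdf.b
  "-----BEGIN OPENSSH PRIVATE KEY-----\n#{[blob].pack('m')}-----END OPENSSH PRIVATE KEY-----\n"
end

# Runs only when loaded as a Vagrantfile; stand-alone, the helpers above still work.
if defined?(Vagrant)
  key_path = File.expand_path("~/.ssh/vagrant_custom") # hypothetical path
  Vagrant.configure("2") do |config|
    raise "#{key_path} has no passphrase" unless key_encrypted?(File.read(key_path))
    config.ssh.insert_key = false # do not replace the key with a generated one
    config.ssh.private_key_path = key_path
  end
end
```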