Handle command line argument value from in-memory / inject content instead of using a CLI argument

Is there a way to handle command line arguments from in-memory? My concrete problem is, I have a volume encrypted with luks, with a detached header file.

Setup as follows:

  • workstation
  • server

I don't want to store the header file on the server, so I keep it on the workstation. When I want to decrypt the luks volume, I want to issue a simple ssh command from the other machine, without storing the header file on the server. For example:

```sh
ssh [email protected] "cryptsetup luksOpen /dev/mdx/ --header=... volume1"
```

Is there a way to keep the header file locally on the workstation, and only transfer the content of the file over the ssh connection, which is handled on the server side and treated as a local file argument?

The problem here (as I understand it), is that cryptsetup opens and reads the file specified as --header. Is there a Linux/UNIX way to fake this, and "push/inject" the content of the file into the command?

Currently I'm using a USB stick, where the header is stored.

I hope it's clear what I want, English is not my native language, perhaps something got lost in translation.


EDIT: What about a temp/ram-fs where I store/copy the file to after each reboot? I just discovered that there is a default tmpfs, /dev/shm. Is it safe to use it?


Solution 1:

The /dev/shm file system is designed for shared memory. As explained in this Cyberciti article:

/dev/shm is nothing but implementation of traditional shared memory concept. It is an efficient means of passing data between programs. One program will create a memory portion, which other processes (if permitted) can access. This will result into speeding up things on Linux.

Just like /tmp which is also a tmpfs file system on modern Linuxes, anything you store there will be kept in memory and will be deleted on reboot. However, I don't know of any reason why you can't use /dev/shm for storing files that you want to have accessible. And I can confirm that in the place I work, we regularly use /dev/shm on our production systems to store a set of files that will be used by many programs and which are created on each boot.

So I would say you can go right ahead and store the file there on every boot if that is a working solution to your problem.

Solution 2:

You may be able to use process substitution, <(command). This is replaced with a transient filename that represents a pipe containing the output of the command.

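```sh
# Quoted so that <(cat) is expanded by the remote shell (bash or similar), not locally.
ssh [email protected] 'cryptsetup luksOpen /dev/mdx/ --header=<(cat) volume1' < /path/to/headerfile
```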
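
Combining the two answers, as an added example that is not part of either answer: a POSIX shell function that reads the header from stdin (as sent over the ssh connection), stages it in a private temporary file under a tmpfs directory such as /dev/shm, runs the command, and removes the file afterwards. The function name, the `@HEADER@` placeholder and the script name in the usage comment are assumptions made for illustration, and the command is assumed to need nothing further from stdin, since stdin carries the header.

```shell
#!/bin/sh
# Added example. Usage: with_staged_header DIR CMD [ARGS...]
#   DIR   a tmpfs directory such as /dev/shm
#   ARGS  the literal @HEADER@ inside any argument is replaced by the path
#         of the staged file
# The whole body runs in a subshell, so the traps and variables stay local.
with_staged_header() (
    dir=$1
    shift
    # /dev/shm is world-writable: use an unpredictable name and mode 0600
    # instead of a fixed path that another local user could pre-create.
    umask 077
    hdr=$(mktemp "$dir/luks-header.XXXXXX") || exit 1
    trap 'rm -f "$hdr"' EXIT        # delete the copy even when CMD fails
    trap 'exit 1' HUP INT TERM      # route signals through the EXIT trap
    cat > "$hdr" || exit 1          # header bytes arrive on stdin

    # Rebuild the argument list with @HEADER@ replaced by the temp path.
    for arg do
        shift
        case $arg in
            *@HEADER@*) arg=${arg%%@HEADER@*}$hdr${arg#*@HEADER@} ;;
        esac
        set -- "$@" "$arg"
    done

    "$@"                            # exit status of CMD is returned
)

# Run from the workstation (user@server and the script name are placeholders;
# the function is assumed to be saved on the server in staged-header.sh):
#   ssh user@server '. ./staged-header.sh; with_staged_header /dev/shm \
#       cryptsetup luksOpen /dev/mdx/ --header=@HEADER@ volume1' \
#       < /path/to/headerfile
```

tmpfs pages can be written out to swap, so the header stays off persistent storage only if swap on the server is disabled or encrypted.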