- Pick a volume to encrypt and mount. This should be an empty volume, as this process completely erases all of the content on this volume. For this example, /dev/sda3 is being encrypted and mounted at /mnt/secure.
- Prepare the volume
cryptsetup luksFormat /dev/sda3
- Create the encrypted virtual device. This will be created at /dev/mapper/secure (replace "secure" with whatever you want to call it. This is an arbitrary value)
cryptsetup luksOpen /dev/sda3 secure
- Create a filesystem on this virtual device
mke2fs -j /dev/mapper/secure
- Create the mountpoint
mkdir -p /mnt/secure
- Get the UUID of this device
cryptsetup luksUUID /dev/sda3
- Add this UUID to /etc/crypttab
luks-d77eb752-8a90-4d94-ae9f-2bec0a22c5d3 UUID=d77eb752-8a90-4d94-ae9f-2bec0a22c5d3 none
