The only missing piece of the puzzle is to configure the system to automatically mount the LUKS partition upon boot-up. To do that, configure two different files:

• /etc/crypttab
• /etc/fstab

If you encrypted the sda drive while installing the operating system, you'll already have a crypttab file that contains information about that drive. It would look something like this:

luks-2d7f02c7-864f-42ce-b362-50dd830d9772 UUID=2d7f02c7-864f-42ce-b362-50dd830d9772 none

The first two fields describe the name and location of the encrypted partition. The third field is for the encryption passphrase. If it's set to none, as it is here, then the passphrase will have to be manually entered upon boot-up.

In the fstab file, we have the entry that actually mounts the partition:

/dev/mapper/centos-root /                 xfs     defaults,x-systemd.device-timeout=0 0 0
UUID=9f9fbf9c-d046-44fc-a73e-ca854d0ca718 /boot                   xfs     defaults        0 0

/dev/mapper/centos-swap swap              swap    defaults,x-systemd.device-timeout=0 0 0

Well, there are actually two entries in this case, because we have two logical volumes, / and swap, on top of the encrypted physical volume. The UUID line is the /boot partition, which is the only part of the drive that isn't encrypted. Now, let's add our new encrypted partition so that it will mount automatically, as well.