I have LUKS set up on my server and it is kind of annoying to type the password at reboots (mostly power outages). Strictly speaking I do not need the LUKS, but I feel it's good to have anyway. I was thinking of getting a YubiKey and just leaving it on or at least telling a trusted family member where to get it and to plug it in when turning it on.

Has anyone overcome a similar setup or issue?

For some clarity, I am not a pro and the homelabbing is mostly just a learning experience for me.

  • Alexander@sopuli.xyz
    12 days ago

    I use a YubiKey for SSH access mostly (setting it and GPG signatures up with an unextractable key was fun and messy). Moving a secret key across machines became quite easy to do in a secure manner. I was thinking about making it a boot key for my portable laptop, but ended up just having a throwaway policy about its contents and relatively weak encryption passwords not worth bruteforcing. Losing a key to a laptop that could be lost itself, on the other hand, sounds like quite a shame. With a stationary server, I don’t know, I feel like anything more complicated than a power switch that could be operated with physical access IMO does not provide extra security, because a YubiKey left in a rack is just as hard to push as a power button.

    Also make sure you have more than one, they could easily break, be lost, or eaten by a dog named Kubernetes. Seriously, I had friends who neglected this advice and got in a mess.

    It’s not like I’m a fan of YubiKeys, I just happened to get quite a lot of them on one of the gigs I was doing and had to come up with sensible uses. Well, signing git commits and other GPG stuff was not sensible.