hellojesus 7 hours ago

> I roll my eyes at my friend when he explains the solutions for how to input the encryption password when his server restarts.

Isn't this rather trivial? You gen a keyfile, register it with luksAddKey, then update /etc/crypttab, no? The real concern is making sure that keyfile is stored securely, but you can simply symmetrically encrypt it and upload it to your favorite cloud storage provider.
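The keyfile steps described in the comment above, as an added example that is not part of the original thread: it creates an owner-only keyfile, wraps the `cryptsetup luksAddKey` call, builds the `/etc/crypttab` line, and audits that every keyfile a crypttab references is free of group/other permission bits. The function names, paths and device names are assumptions for illustration, and `stat -c` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example: keyfile setup plus a crypttab keyfile-permission audit.
# All device names, mapping names and paths passed in are placeholders.

# Create a 4096-byte random keyfile readable only by its owner.
make_keyfile() {
    ( umask 077 && dd if=/dev/urandom of="$1" bs=4096 count=1 2>/dev/null )
    chmod 0400 "$1"
}

# Add the keyfile to a free LUKS key slot (needs root; asks for an existing passphrase).
enroll_keyfile() {
    cryptsetup luksAddKey "$1" "$2"    # $1 = LUKS device, $2 = keyfile
}

# Emit a crypttab entry: <name> <device> <keyfile> <options>
crypttab_line() {
    printf '%s\t%s\t%s\tluks\n' "$1" "$2" "$3"
}

# Audit a crypttab: each referenced keyfile must exist and carry no
# group/other permission bits. Prints findings; returns 1 if any.
audit_crypttab() {
    bad=0
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac          # blank line or comment
        case $key in ''|none|-|/dev/*) continue ;; esac  # passphrase prompt or random swap key
        if [ ! -f "$key" ]; then
            echo "MISSING $name $key"; bad=1; continue
        fi
        mode=$(stat -c '%a' "$key")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "LOOSE $name $key mode=$mode"; bad=1
        fi
    done < "$1"
    return $bad
}

# Typical use as root (placeholders):
#   make_keyfile /path/to/keyfile
#   enroll_keyfile /dev/<luks-device> /path/to/keyfile
#   crypttab_line <name> UUID=<uuid> /path/to/keyfile >> /etc/crypttab
#   audit_crypttab /etc/crypttab
```

A keyfile that unlocks a volume from `/etc/crypttab` protects that volume only as well as the filesystem holding the keyfile is protected, so the audit is worth running after any change to the file.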

kubik369 7 hours ago | parent [-]

Uuh, I am not sure. I believe that he was talking about having full disk encryption, which means that he needs to input the password to unlock the boot partition.

drnick1 6 hours ago | parent [-]

You can use TPM2 to automatically unlock the root partition and not have to input a password manually at boot. This is how my laptop (running Arch, btw) is set up. Whether or not disk encryption is necessary for a system that is physically secure at home or elsewhere is debatable, however. But a laptop can be easily left somewhere and disk encryption seems necessary unless it never leaves home.