A big feature I’d like to see in MAAS is the ability to deploy encrypted filesystems, both using LUKS encrypted partitions with traditional filesystems, and with ZFS native encryption. right now I don’t have great options for full lifecycle management because all of our deploys need full encryption, and I can’t see a good way to provide that with MAAS right now.
I imagine to make this really work, MAAS would have to have some idea of an internal secrets store, so you could store the encryption key / password details. a future very useful expansion would be an API to hook common secrets stores, like typical cloud providers, or Hashicorp Vault.
is there anything like this on a roadmap, or some hacks people are currently using to provide this?