Go tool for managing Linux filesystem encryption
fscrypt is a high-level tool for the management of Linux filesystem encryption. This tool manages metadata, key generation, key wrapping, PAM integration, and provides a uniform interface for creating and modifying encrypted directories. For a small low-level tool that directly sets policies, see fscryptctl.
To use fscrypt, you must have a filesystem with encryption enabled and a kernel that supports reading/writing from that filesystem. Currently, ext4, F2FS, and UBIFS support Linux filesystem encryption. Ext4 has supported Linux filesystem encryption since v4.1, F2FS added support in v4.2, and UBIFS added support in v4.10. Other filesystems may add support for native encryption in the future. Filesystems may additionally require certain kernel configuration options to be set to use native encryption.