When a libvirt hypervisor has to be rebooted and its root disk is encrypted, typing a password is often inconvenient when there is no keyboard and screen attached to it. Instead the password can be stored in a USB key that is plugged in during the reboot process and removed when the reboot is complete.
It relies on the passdev script.
The USB key needs an ext4 partition that can be created with
And the password file added to it with:
echo -n supersecret > /media/loic/password/password.txt
On the machine with the encrypted disk replace the line that looks like this in
sda5_crypt UUID=1327ebfe-3369-4409-bfff-93dd088241fd none luks,discard
With another that looks like this:
sda5_crypt UUID=1327ebfe-3369-4409-bfff-93dd088241fd /dev/disk/by-label/password:/password.txt:15 luks,discard,keyscript=/lib/cryptsetup/scripts/passdev
initramfs must be updated as follows:
$ update-initramfs -k all -u