
Ask HN: How do you encrypt data on virtual machines in the cloud?

3 points by cyanic, over 3 years ago

Hi HN,

I am looking for a standard or at least widely used way to encrypt data at rest on VMs running in the cloud. I am also interested in reasons why this isn't the standard way of doing things.

I recently started working on a project where I potentially need to cache customer data on disk. At this point, the simplest and the most portable option for me is to run services on cloud VMs. I have experience setting up full disk encryption on dedicated servers, but my methods are not scalable enough for me to take full advantage of the cloud.

As the cloud provider has full control of the instance, I don't consider them a threat in this context. I'm well aware that they would be able to extract keys from memory or perform a man-in-the-middle attack on the initial connection used to unlock the encrypted partition. What I am concerned about is that data might be accessible if I delete the instance or if the SSD storing the data gets stolen or is sent to be recycled.

My attempts to find a good solution revolved around modifying a Debian cloud image and writing to disk from initramfs, but there are many ways to approach the problem and I'm not sure which one is the least hackish. What I hope to achieve is to be able to handle everything using a script with minimal user interaction, through SSH. Although I think that I would be able to write the script myself, I'd like to avoid reinventing the wheel.

What is your advice on encrypting cloud VMs?

1 comment

verdverm, over 3 years ago
Afaik, the major clouds use encryption transparently. Google Cloud has some good docs on this. There are private compute type VMs and customer supplied key options as well.

https://cloud.google.com/security/encryption/default-encryption

https://cloud.google.com/compute/confidential-vm/docs/about-cvm

My advice would be to use the cloud provided solutions and not roll your own setup. They have sufficient protections and offerings for healthcare companies and GovCloud if you need to go that far.