clevis
https://github.com/latchset/clevis
Tang / TPM2
zfspasskey
https://github.com/FiloSottile/mostly-harmless/tree/main/zfspasskey
See https://bsky.app/profile/filippo.abyssdomain.expert/post/3lotxpnx5ym24 for description.
Made a little web server to unlock and mount encrypted ZFS datasets using passkeys and age.
What’s neat is that the password never touches the client! Attackers need to compromise first the server, and then the passkey.