ECO-35 Adding Encryption to Logging Disks
ECO-35 aims to enhance the security of logging disks by implementing encryption protocols. As sensitive information is often stored in log files, ensuring the confidentiality and integrity of this data is paramount. This change is essential for compliance with data protection regulations and to mitigate the risks associated with unauthorized access to sensitive logs.
DoorDash Labs Global Org
06/12/2025
ECO-35 Adding Encryption to Logging Disks
ECO-35 aims to enhance the security of logging disks by implementing encryption protocols. As sensitive information is often stored in log files, ensuring the confidentiality and integrity of this data is paramount. This change is essential for compliance with data protection regulations and to mitigate the risks associated with unauthorized access to sensitive logs.
Required Tooling and Equipment
Covers the needed tooling, equipment and access to specific files or resources in order to carry out the procedure to completion
Access to Script
This script can only be accessed via GitHub. Request has been submitted to export to google folder or equivalent space outside of GitHub accessible by most of the company easily. Once new location is made available, this procedure is to be updated with such information
Ensure the Disk has completed its offload as all content will be erased
Downloading the Script to Linux Laptop w/o VPN
If a linux laptop does not have vpn (many do not) follow this process
Download the file attached to this step
Running the script
Confirm you are running buntu 24.04
open terminal and type: lsb_release -a
Enter the Asset Number on the Drive being formatted
Check to see if fscrypt is installed on the computer by the entering the following in the terminal: dpkg -s fscrypt | grep Version if YES skip to PROCESS STEPS, otherwise continue to the next step
if the answer is "checked "
if the answer is "unchecked "
While connected to the internet, get the fscrypt version that works with ubuntu 24.04. The output should end with “saved” and no error messages. Type: wget https://archive.ubuntu.com/ubuntu/pool/universe/f/fscrypt/fscrypt_0.2.5-2_amd64.deb
Verify the downloaded file hasn’t been corrupted. Output should be “OK” Type: echo "881aa3043c0260539ca9629e3c6402151a1e7044b66d0853fb04dc5eac745e00 fscrypt_0.2.5-2_amd64.deb" | sha256sum --check
Install the downloaded package. No errors should appear during installation. Type: sudo dpkg -i fscrypt_0.2.5-2_amd64.deb
Type: sudo fscrypt setup
Remove the .deb file after it’s been installed. Type: rm fscrypt_0.2.5-2_amd64.deb
Process Steps
Connect the drive to the linux laptop
Connect the drive to the linux laptop
Using the USB-C to USB-C cable, connect the Linux laptop to the hard drive assembly
Find the drive location
Enter the command below to locate the hard drive. Find the line that has a size of ~3.6 - 3.7 Terabytes Type: lsblk -o path,serial,label,size Note: In the screenshot below, the hard drive is located at /dev/sdb, as it is the location that has 3.6 T(erabytes)
Formatting a pre-configured drive
If the drive has been formatted before, it will have the label EXT_STORAGE, but if not, it will show size ~3.6T. If you are unsure, unplug the drive, run the command, then plug it in and run the command again - look at the differences. The block device is often /dev/sda or /dev/sdb but it could be anything. Using the drive location (found in the last step) and the asset id (5 digit number labeled on the device), run the format drive script . (note: you may get a warning if drive has already been formatted, please answer Y and proceed) Type: sudo bash format_drive.sh [block device] [asset_id]
Warning Examples
Warning example below: Enter Y to continue. This will erase all data, please make sure any logs were already uploaded!
Mark the drive upon process completion
If the script finishes and the last line should say “EXT_STORAGE has been formatted”, place a lime green IQC sticker on the bottom of the SSD.
Source: DoorDash Labs Global Org (Community Member)