My notebook runs a fully encrypted version of Debian 13 (including the root filesystem and SWAP). Now it’s time to activate a second NVMe device. This should also be encrypted, but I don’t want to have to specify the passphrase for that device every time I reboot. Instead, the key file should be located on…