systemd-cryptsetup

Attach (open) encrypted volume

$ systemd-cryptsetup attach [mapping_name] [/dev/sdXY]

$ systemd-cryptsetup attach [mapping_name] [/dev/sdXY] none [crypttab_options]

$ systemd-cryptsetup attach [mapping_name] [/dev/sdXY] [/path/to/keyfile] [options]

$ systemd-cryptsetup detach [mapping_name]

systemd-cryptsetup attach VOLUME DEVICE [KEY] [OPTIONS]
systemd-cryptsetup detach VOLUME

systemd-cryptsetup creates or removes decrypted mappings of encrypted LUKS volumes. It is the systemd equivalent of `cryptsetup open` and `cryptsetup close`.
Arguments follow the same format as `/etc/crypttab` entries. This tool is primarily used internally by systemd to unlock encrypted devices during boot based on crypttab configuration.

Typically called by systemd automatically, not manually. The mapping appears at `/dev/mapper/<name>`. Supports all crypttab options like luks, discard, etc.

systemd-cryptsetup integrates encrypted volume management with systemd's boot process, enabling automatic unlocking based on `/etc/crypttab` configuration.

cryptsetup(8), crypttab(5), systemd-cryptenroll(1)