Encrypting an LXC/LXD container

I apologize if this has been asked before, but all of those were old threads, so I felt I could ask again.

I am interested in some sort of container encryption whereby I can add sensitive files to a container or otherwise restrict access. Is there something like this and, even if not natively, some recommendation on best practices?

You can back some specific storage pools by block devices coming from LUKS/cryptsetup but that’s about the extent of what people will usually do.

In this kind of setup, you’ll need to disable LXD startup on boot and have a manual step to unlock the LUKS devices and then start up LXD so it can mount the pools.

Thanks Stéphane. Would it then be possible to have a storage pool per container or do all containers have to share the same storage pool?

LXD can have multiple storage pools; you can then choose which containers are on the encrypted storage and which aren’t.
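
The setup described in the replies above (a LUKS-backed pool, LXD autostart disabled, a manual unlock before LXD starts, and a chosen container placed on the encrypted pool), as an added example that is not part of the original posts. The device `/dev/sdb1`, mapping `cryptpool`, pool `secure`, container `c1`, image `ubuntu:22.04`, the btrfs driver and the systemd unit names are assumptions; the script only prints its commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example. Constructed names: /dev/sdb1, cryptpool, secure, c1.
# Assumption: LXD runs as systemd units lxd.service/lxd.socket (deb package);
# snap installs use `snap stop --disable lxd` and `snap start lxd` instead.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 as root executes it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# One-time: format the device (destroys its contents), open it, and create
# a storage pool whose source is the unlocked mapping.
setup_encrypted_pool() {   # args: device mapper-name pool-name
    run cryptsetup luksFormat "$1" &&
    run cryptsetup open "$1" "$2" &&
    run lxc storage create "$3" btrfs "source=/dev/mapper/$2"
}

# Put one container on the encrypted pool; others can stay on another pool.
launch_on_pool() {         # args: image container pool
    run lxc launch "$1" "$2" --storage "$3"
}

# Stop LXD from starting at boot, when the device is still locked.
disable_autostart() {
    run systemctl disable lxd.service lxd.socket
}

# Manual step after each boot: unlock first, then start LXD so it can
# mount the pool. Skips the unlock if the mapping is already open.
unlock_and_start() {       # args: device mapper-name
    if [ ! -e "/dev/mapper/$2" ]; then
        run cryptsetup open "$1" "$2" || return 1   # asks for the passphrase
    fi
    run systemctl start lxd.service
}

case "${1:-}" in
    setup)  setup_encrypted_pool /dev/sdb1 cryptpool secure &&
            launch_on_pool ubuntu:22.04 c1 secure &&
            disable_autostart ;;
    unlock) unlock_and_start /dev/sdb1 cryptpool ;;
esac
```

Run it with `setup` once and with `unlock` after each boot; the data on the pool is protected only while the mapping is closed, so anyone with root on the running host can still read the containers.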