So the original problem was the disk decryption password, but now instead you have an internet-accessible serial console?
Seems to me like it would be better to keep the sensitive info on a separate encrypted partition/disk and let the server boot unencrypted so you can ssh in and unlock the sensitive data.
This solution would probably be harder to maintain and secure than a more straightforward solution to the original problem.