Updated docs and examples to include new device_prefix option

rgooding · rgooding · commit c7b01c4e9d74 · 2026-01-21T13:00:58.000Z
diff --git a/README.md b/README.md
@@ -161,6 +161,9 @@ retry_delay = 5
 level = "info"
 format = "json"
 output = "/var/log/vault-dm-crypt.log"
+
+[dmcrypt]
+device_prefix = "crypt"  # Prefix for dm-crypt device names (default: "crypt")
 ```
 
 #### Option 2: AppRole Authentication
@@ -183,12 +186,16 @@ retry_delay = 5
 level = "info"
 format = "json"
 output = "/var/log/vault-dm-crypt.log"
+
+[dmcrypt]
+device_prefix = "crypt"  # Prefix for dm-crypt device names (default: "crypt")
 ```
 
 **Notes**:
 - Use either `vault_token` OR `approle`/`secret_id`, not both. The two authentication methods are mutually exclusive.
 - The `vault_path` supports the `%h` placeholder which is replaced with the short hostname of the machine. This allows organizing keys by hostname.
 - For vaultlocker compatibility, set `vault_path = "vaultlocker"` (without hostname placeholder)
+- The `device_prefix` option controls the prefix used for dm-crypt device mapper names (e.g., `/dev/mapper/crypt-<uuid>`). Set to `"vaultlocker"` for compatibility with Python vaultlocker. Can also be set via `VAULT_DM_CRYPT_DEVICE_PREFIX` environment variable.
 
 ## Vault Configuration
 
diff --git a/configs/systemd/README.md b/configs/systemd/README.md
@@ -77,6 +77,9 @@ backend = "secret"
 approle = "12345678-1234-1234-1234-123456789012"
 approle_name = "vault-dm-crypt-prod"  # Required for refresh
 secret_id = "87654321-4321-4321-4321-210987654321"
+
+[dmcrypt]
+device_prefix = "crypt"  # Prefix for dm-crypt device names (default: "crypt")
 ```
 
 ## Monitoring
diff --git a/test/integration/README.md b/test/integration/README.md
@@ -246,6 +246,9 @@ retry_delay = 5
 level = "debug"
 format = "text"
 output = "stdout"
+
+[dmcrypt]
+device_prefix = "crypt"  # Prefix for dm-crypt device names (default: "crypt")
 ```
 
 ## Security Considerations
