If you use a kickstart file during installation, you can automatically save the passphrases used during installation to an encrypted file on the local file system. To use this feature, you must have an X.509 certificate available at a location that anaconda can access. To specify the URL of this certificate, add the --escrowcert parameter to any of the autopart, logvol, part or raid commands. During installation, the encryption keys for the specified devices are saved in files in / (root), encrypted with the certificate.

Note that this feature is available only while performing a kickstart installation. Refer to Chapter 32, Kickstart Installations for more detail.