Mount Veracrypt volumes Linux script

In Veracrypt you can save mounted volumes as favorites which makes it easier to mount those volumes when starting Veracrypt. Although the container and mount path are saved you still need to enter the volume’s password and key if needed for each volume being mounted. On top of that, when using Linux you’ll be prompted to enter your Linux account password for sudo. With several volumes to mount this can be time-consuming and cumbersome.

Fortunately, Veracrypt includes the ability to manage encrypted volumes from the command-line. You can supply the password and key to mount the volumes on the commannd-line in the terminal. You can put these commands in a script to mount multiple volumes. Running from script will allow you to mount several volumes and only have to enter your Linux password for sudo once. However, putting passwords in scripts is a big security risk.

A better way is to have the script prompt for the password. The following script will mount multiple volumes and only prompt for the password one time. To make this work I set the password for the Veracrypt volumes the same as my Linux system password. The script will pass the sudo password (which is the same as the Veracrypt password) to the Veracrypt command satisfying the sudo prompt.

#!/bin/bash
# Mount/unmount Veracrypt (Truecrypt) volumes on Dell laptop
# v2 - Check for mounted volumes and unmount if found. Otherwise mount volumes.

# save and change IFS
OLDIFS=$IFS
IFS=$'\n'

RUNDATE=`date +%Y%m%d`                     # append date to file
LOGFILE='/home/joey/script.log'
LOCKFILE='/home/joey/Temp/veracrypt.lock'  # file to indicate volumes should be mounted
SCRIPT=`basename "$0"`                     # get name of this script

echo --------------------------------------------------------------------------  | tee -a "$LOGFILE"
echo "Executing script: $SCRIPT" | tee -a "$LOGFILE"

# prompt for password
echo "Enter Password (not echoed): "
read -s PASSWORD 

echo "NOTE: If prompted to enter 'Administrator' password, ignore it."

# Check for lock file. If exists unmount volumes else mount volumes
if [ -f $LOCKFILE ]; then 

  echo "Lock file found." | tee -a "$LOGFILE"
  echo "Attempting to un-mount Veracrypt volumes" | tee -a "$LOGFILE"

  # Unmount Veracrypt volumes
  veracrypt --text --dismount

  # Display system notification
  notify-send "Veracrypt" "Veracrypt volumes unmounted." -t 0 -u Normal -i /usr/share/icons/mate/48x48/status/changes-prevent.png

  # Remove lock file
  rm $LOCKFILE

else

  echo "Attempting to mount Veracrypt volumes" | tee -a "$LOGFILE"

  # PUT KEYLESS VOLUMES FIRST
  # Volume 2
  VCSLOT=2
  VCVOLUME=/home/joey/e6ef0971-7801-442f-9f6c-f3f945922efb
  VCMOUNT=/media/veracrypt2
  VCPASSWD=$PASSWORD
  VCKEYFIL=
  echo "Mounting volume $VCVOLUME to mount point $VCMOUNT" | tee -a "$LOGFILE"
  echo $PASSWORD | veracrypt --text --mount $VCVOLUME $VCMOUNT --password $VCPASSWD --pim 0 --keyfiles "$VCKEY" --protect-hidden no --slot $VCSLOT --verbose

  # Volume 1 - requires key
  VCSLOT=1
  VCVOLUME=/home/joey/3c1547fa-1ad3-11eb-adc1-0242ac120002
  VCMOUNT=/media/veracrypt1
  VCPASSWD=$PASSWORD
  VCKEY=/home/joey/.safe/3c1547fa-1ad3-11eb-adc1-0242ac120002.key
  echo "Mounting volume $VCVOLUME to mount point $VCMOUNT" | tee -a "$LOGFILE"
  echo $PASSWORD | veracrypt --text --mount $VCVOLUME $VCMOUNT --password $VCPASSWD --pim 0 --keyfiles "$VCKEY" --protect-hidden no --slot $VCSLOT --verbose

  # List volumes
  echo "Mounted Veracrypt volumes:" | tee -a "$LOGFILE"
  echo $PASSWORD | veracrypt --text --list | tee -a "$LOGFILE"

  # Display system notification
  notify-send "Veracrypt" "Veracrypt volumes mounted." -t 0 -u Normal -i /usr/share/icons/mate/48x48/status/changes-prevent.png

  # Create lock file
  echo $(date) > $LOCKFILE

fi

# restore IFS
IFS=$OLDIFS

echo "Script completed: `date`" | tee -a "$LOGFILE"
echo --------------------------------------------------------------------------  | tee -a "$LOGFILE"


When the above script is run in terminal it prompts for the password and using “tee” outputs log entries to the screen and a file.

joey@HAVEN-E6520:~$ Scripts/veracrypt.v2.sh 
--------------------------------------------------------------------------
Executing script: veracrypt.v2.sh
Enter Password (not echoed): 
NOTE: If prompted to enter 'Administrator' password, ignore it.
Attempting to mount Veracrypt volumes
Mounting volume /home/joey/e6ef0971-7801-442f-9f6c-f3f945922efb to mount point /media/veracrypt2
Volume "/home/joey/e6ef0971-7801-442f-9f6c-f3f945922efb" has been mounted.
Mounting volume /home/joey/3c1547fa-1ad3-11eb-adc1-0242ac120002 to mount point /media/veracrypt1
Volume "/home/joey/3c1547fa-1ad3-11eb-adc1-0242ac120002" has been mounted.
Mounted Veracrypt volumes:
2: /home/joey/e6ef0971-7801-442f-9f6c-f3f945922efb /dev/mapper/veracrypt2 /media/veracrypt2
1: /home/joey/3c1547fa-1ad3-11eb-adc1-0242ac120002 /dev/mapper/veracrypt1 /media/veracrypt1
Script completed: Mon 12 Sep 2022 12:33:50 AM EDT
--------------------------------------------------------------------------
joey@HAVEN-E6520:~$ 

Running the script again causes it to dismount the volumes.

joey@HAVEN-E6520:~$ Scripts/veracrypt.v2.sh 
--------------------------------------------------------------------------
Executing script: veracrypt.v2.sh
Enter Password (not echoed): 
NOTE: If prompted to enter 'Administrator' password, ignore it.
Lock file found.
Attempting to un-mount Veracrypt volumes
Script completed: Mon 12 Sep 2022 12:34:04 AM EDT
--------------------------------------------------------------------------
joey@HAVEN-E6520:~$ 

Resources

https://linuxhint.com/how-to-install-and-use-veracrypt-on-ubuntu/

https://arcanecode.com/2021/06/14/veracrypt-on-the-command-line-for-windows/