On 10/1/20 2:30 PM, Olaf Meeuwissen via Dng wrote:

> - /etc?  'cause you might end up saving clear text passwords there ...
>           Oh!  I found one below/etc/wpa_supplicant/.
>           There might be others.

could also be clear-text : smtp account password(s), network-manager
saves connection passwords there, system backup passwords, mysql also
has debian-sys-maint password. and there are probably more clear-text
examples in /etc/

apart from clear-text passwords, most encryption keys for daemons are
stored in /etc.

> -/var? Eh, /var/spool/  may have mail and print jobs, at least for some
>           time./var/log/  may contain sensitive stuff ...

+
/var/lib is mostly data.. mysql data, dns data, tor data, etc.

/var/backups ....

--

and yes, swap can be encrypted too, very very easily.