On 18.04, package cryptsetup provides /etc/cryptsetup-initramfs/conf-hook which states:
# WARNING: If the initramfs image is to include private key material,
# you'll want to create it with a restrictive umask in order to keep
# non-privileged users at bay. For instance, set UMASK=0077 in
# /etc/initramfs-tools/initramfs.conf
Note that there is also /etc/initramfs-tools/conf.d/
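
A check for the setting quoted above, as an added example that is not part of the original comment or of the cryptsetup package. The function names are hypothetical. It assumes that snippets in conf.d/ are read after initramfs.conf, so the last unquoted UMASK= assignment wins, and it treats only a mask that removes all group and other bits (such as 0077) as restrictive.

```shell
#!/bin/sh
# Added example: audit the UMASK used when building the initramfs and the
# permissions of images that already exist.
# Assumption: initramfs.conf is read first and conf.d/ snippets afterwards,
# so the last UMASK= assignment found is the effective one.

# effective_umask CONF_DIR -> prints the last unquoted octal UMASK value, if any.
effective_umask() {
    conf_dir=$1
    for f in "$conf_dir/initramfs.conf" "$conf_dir"/conf.d/*; do
        if [ -f "$f" ]; then cat "$f"; fi
    done | sed -n 's/^[[:space:]]*UMASK=\([0-7]\{1,\}\).*/\1/p' | tail -n 1
}

# umask_is_restrictive VALUE -> 0 if the mask removes all group/other bits.
umask_is_restrictive() {
    case $1 in ''|*[!0-7]*) return 1 ;; esac
    [ $(( 0$1 & 077 )) -eq 63 ]
}

# world_readable_images BOOT_DIR -> prints initrd images that "other" can read.
world_readable_images() {
    find "$1" -maxdepth 1 -type f -name 'initrd.img*' -perm -004
}

# audit CONF_DIR BOOT_DIR -> prints findings; returns 1 if anything is wrong.
audit() {
    rc=0
    u=$(effective_umask "$1")
    if ! umask_is_restrictive "$u"; then
        echo "UMASK is '${u:-unset}'; set UMASK=0077 in $1/initramfs.conf"
        rc=1
    fi
    imgs=$(world_readable_images "$2")
    if [ -n "$imgs" ]; then
        echo "world-readable images (rebuild after fixing UMASK):"
        echo "$imgs"
        rc=1
    fi
    return $rc
}

# Typical call on a real system: audit /etc/initramfs-tools /boot
```

Changing UMASK only affects images built afterwards, so an image flagged by the second check stays readable until it is regenerated or its mode is changed.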