On Mon, Oct 19, 2015 at 04:09:32PM +0100, Daniel P. Berrange wrote:
> There are a variety of places where QEMU needs to have access
> to passwords, encryption keys or similar kinds of secrets.
>
> - VNC / SPICE user passwords
> - Curl block http / proxy passwords
> - RBD auth password
> - iSCS
On Mon, Oct 19, 2015 at 06:13:24PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
>
>
>
> > It is obvious there there is a wide variety of functionality
> > in QEMU that needs access to "secrets". This need will only
> > grow over time. We need to stop h
* Daniel P. Berrange (berra...@redhat.com) wrote:
> It is obvious there there is a wide variety of functionality
> in QEMU that needs access to "secrets". This need will only
> grow over time. We need to stop having everyone invent their
> own dangerous wheels and provide a standard mechanism fo
On Mon, Oct 19, 2015 at 05:05:58PM +0100, Alex Bennée wrote:
> Daniel P. Berrange writes:
>
> > There are a variety of places where QEMU needs to have access
> > to passwords, encryption keys or similar kinds of secrets.
> >
>
> >
> > Example usage for creating secrets...
> >
> > Direct password
Daniel P. Berrange writes:
> There are a variety of places where QEMU needs to have access
> to passwords, encryption keys or similar kinds of secrets.
>
>
> Example usage for creating secrets...
>
> Direct password, insecure, for ad-hoc developer testing only
>
> $QEMU -object secret,id=sec0
There are a variety of places where QEMU needs to have access
to passwords, encryption keys or similar kinds of secrets.
- VNC / SPICE user passwords
- Curl block http / proxy passwords
- RBD auth password
- iSCSI CHAP password
- x509 private key password
- QCow/QCow2 encryption key
QEMU ha