[libvirt] [PATCH 2/4] qemu: Introduce qemuBuildSecretObjectProps
Peter Krempa
pkrempa at redhat.com
Wed Jun 1 13:23:57 UTC 2016
On Wed, Jun 01, 2016 at 09:04:00 -0400, John Ferlan wrote:
[...]
> In a way I was hoping that the ",data=" option could have been used, but
> that leaves a base64 encoded master key on the command line along with
> the base64 encoded secret and iv, which yes, would allow someone
> sufficiently privileged enough to read any logs the ability to decipher
> the secret.
Not only log files. A straight ps -ef would disclose everything needed
for somebody to know the password.
As it was iterated a few times already, the passwords need to be kept
secret by either encrypting them by a secret key (which needs to be
passed via a file, there is no other way) or by passing them via a file.
If you disclose the key along with the encrypted data it's no longer a
secret. It's basically the same as base64 encoding. Humans can't read
it. Hackers can. I thought that was clear enough.
So you will never get around using a file. Also that's the reason why I
object in supporting any insecure way to pass the data.
Peter
More information about the libvir-list
mailing list