[libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Daniel Henrique Barboza danielhb413 at gmail.com
Tue Jan 21 12:57:22 UTC 2020



On 1/10/20 12:42 PM, Peter Krempa wrote:
> The currently existing virsh APIs for secrets are awful for human use
> and don't promote security.
> 
> Peter Krempa (4):
>    virsh: secret: Add 'secret-passwd' command
>    virsh: secret: Allow getting secret's value without base64 encoding
>    virsh: secret: Allow setting secrets from file
>    docs: secret: Unify and sanitize examples on how to set secret value
> 
>   docs/formatsecret.html.in |  86 ++++++++++++++++++----------
>   docs/manpages/virsh.rst   |  26 ++++++++-
>   tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
>   3 files changed, 189 insertions(+), 39 deletions(-)
> 


Code-wise LGTM. I have a question about the design though.

Shouldn't we ask for a password confirmation when setting the secret
via secret-passwd? This would be more on par with how 'passwd' works
in Linux, and can also help to prevent user typos when setting a
secret.


Thanks,


DHB



