[libvirt] [PATCH 3/4] virsh: secret: Allow setting secrets from file

Daniel P. Berrangé berrange at redhat.com
Tue Jan 21 13:38:13 UTC 2020


On Fri, Jan 10, 2020 at 04:42:43PM +0100, Peter Krempa wrote:
> The necessity to specify the secret value as command argument is
> insecure. Allow reading the secret from a file.
> 
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
>  docs/manpages/virsh.rst |  5 +++--
>  tools/virsh-secret.c    | 30 +++++++++++++++++++++++++++---
>  2 files changed, 30 insertions(+), 5 deletions(-)
> 
> diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
> index fcc8ef6758..992b1daf90 100644
> --- a/docs/manpages/virsh.rst
> +++ b/docs/manpages/virsh.rst
> @@ -6558,10 +6558,11 @@ secret-set-value
> 
>  .. code-block::
> 
> -   secret-set-value secret base64
> +   secret-set-value secret (--file filename | base64)
> 
>  Set the value associated with *secret* (specified by its UUID) to the value
> -Base64-encoded value *base64*.
> +Base64-encoded value *base64* or from file named *filename*. Note that *--file*
> +and *base64* options are mutually exclusive.
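Review bot: the new description of secret-set-value does not say what the file named by *filename* must contain, so a reader cannot tell whether it holds the Base64-encoded value or the raw secret bytes; state the expected encoding explicitly. The joined sentence also reads "to the value Base64-encoded value *base64* or from file named *filename*", which doubles "value". Finally, *base64* is a positional argument rather than an option, so the last sentence would be clearer as something like "*--file* and the *base64* argument are mutually exclusive".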

You added a --plain option to secret-get-value.

It would naturally suggest that we do the same here, then we can
support

  secret-set-value $BASE64STR
  secret-set-value --plain $RAWSTR
  secret-set-value --file FILENAME-WITH-BASE64-STR
  secret-set-value --plain --file FILENAME-WITH-RAW-STR



Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



