[RFC PATCH 0/1] secret: Inhibit shutdown for ephemeral secrets

Michal Privoznik mprivozn at redhat.com
Tue Dec 20 08:27:10 UTC 2022


I'm kind of convinced that we want to do this, but also it's a
significant change in the behaviour of the daemon, hence RFC prefix.

This stemmed from a discussion with a user who wants us to use something
more secure than base64-encoded secret values stored on a disk. They
suggested storing the values in TPM and while that might sound like a
good idea, I suggested using ephemeral secrets for the time being. Well,
because of '--timeout 120', ephemeral secrets are short-lived, indeed.

Meanwhile, let me see if there's a library we could use to talk to TPM.

Michal Prívozník (1):
  secret: Inhibit shutdown for ephemeral secrets

 src/secret/secret_driver.c | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

-- 
2.38.2


