git.proxmox.com Git - mirror_qemu.git/commit

author	Daniel P. Berrange <berrange@redhat.com>
	Thu, 21 Jan 2016 14:19:19 +0000 (14:19 +0000)
committer	Jeff Cody <jcody@redhat.com>
	Mon, 29 Feb 2016 19:54:30 +0000 (14:54 -0500)
commit	60390a2192e7b38aee18db6ce7fb740498709737
tree	2d56f3e8c304185ee732271649571afc46c32f5c	tree
parent	eab8eb8db39813a4ef4655f04128058494a3c4d3	commit \| diff

rbd: add support for getting password from QCryptoSecret object

Currently RBD passwords must be provided on the command line
via

  $QEMU -drive file=rbd:pool/image:id=myname:\
               key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
               auth_supported=cephx

This is insecure because the key is visible in the OS process
listing.

This adds support for an 'password-secret' parameter in the RBD
parameters that can be used with the QCryptoSecret object to
provide the password via a file:

  echo "QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=" > poolkey.b64
  $QEMU -object secret,id=secret0,file=poolkey.b64,format=base64 \
        -drive driver=rbd,filename=rbd:pool/image:id=myname:\
               auth_supported=cephx,password-secret=secret0

Reviewed-by: Josh Durgin <jdurgin@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-2-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>