Re: [libvirt] [PATCH 14/19] conf: Add new secret type "key"

On 06/21/2016 08:08 AM, Peter Krempa wrote: Perhaps a rephrasing... Instead of: <secret ...> ... <usage type='key'> <key>Text</key> </usage> ... </secret> The preference is: <secret ...> ... <usage type='passphrase'> <XXX>Text</XXX> </usage> ... </secret> Where, I'm struggling what to call "XXX". It's not a <passphrase>... <usage type='volume'> uses <volume> <usage type='ceph'> uses <name> <usage type='iscsi'> uses <target> So given that, does the following work? <usage type='passphrase'> <id>Text</id> </usage> In the long run "Text" is what's used by the <domain...> in order to match/find the secret. Currently the domain secrets have: <domain> ... <encryption format='qcow'> <secret type='passphrase' uuid='xxxx'/} </encryption> ... <disk> ... <auth ...> <secret type='{iscsi|ceph}' {usage|uuid}='string'/> </auth> </domain> where "usage='string'" essentially the contents of <secret....> <usage...> "Text" NB: There are patches to allow usage for <encryption ... <secret...> So, for LUKS we would then have <domain> ... <encryption format='luks'> <secret type='YYY' {uuid|usage}='string'/> </encryption> The YYY could be 'passphrase', right? Furthermore "the future" would "reuse" this <secret> type - so I'm trying to make it generic as possible. John