On Wed, Jun 01, 2016 at 09:04:00 -0400, John Ferlan wrote:
> [...]
> In a way I was hoping that the ",data=" option could have been used, but
> that leaves a base64 encoded master key on the command line along with
> the base64 encoded secret and iv, which yes, would allow someone
> sufficiently privileged to read any logs the ability to decipher
> the secret.
Not only log files. A straight ps -ef would disclose everything needed
for somebody to know the password.
As has been iterated a few times already, the passwords need to be kept
secret either by encrypting them with a secret key (which needs to be
passed via a file; there is no other way) or by passing them via a file.
If you disclose the key along with the encrypted data it's no longer a
secret. It's basically the same as base64 encoding. Humans can't read
it. Hackers can. I thought that was clear enough.
So you will never get around using a file. That is also the reason why I
object to supporting any insecure way to pass the data.
Peter
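The point made above (a secret on the command line is visible to anyone who can run ps, so it has to be handed over in a file) can be demonstrated directly. The script below is an added example and is not code from the libvirt thread or from libvirt or QEMU; it spawns a throwaway child process, once with a constructed sample secret in its argv and once with the secret in a mode-0600 temporary file, and reports what the command line looks like to another local user in each case. It assumes a POSIX system with either /proc or a working ps(1); the helper names and the sample secret are the example's own.

```python
"""
Added example (not from the libvirt thread): show that a secret placed on a
child's command line is readable by anyone who can run ps(1), while a secret
written to a mode-0600 file and referenced only by path is not.  Assumes a
POSIX system with /proc (Linux) or ps(1).  All names here are the example's own.
"""
import os
import stat
import subprocess
import sys
import tempfile

# Constructed sample value; it stands in for the base64 key/secret/iv that
# would otherwise be pasted into a ",data=" style option.
SAMPLE_SECRET = "s3cr3t-passphrase-do-not-leak"


def cmdline_of(pid):
    """Command line of `pid` as an unprivileged local user would see it.

    Reads /proc/<pid>/cmdline on Linux (world-readable by default) and falls
    back to `ps -o args=` elsewhere.  This is exactly what `ps -ef` shows.
    """
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as fh:
            return fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except FileNotFoundError:
        out = subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                             capture_output=True, text=True, check=False)
        return out.stdout.strip()


def leak_via_argv(secret=SAMPLE_SECRET):
    """Insecure pattern: the secret travels in argv.  Returns the visible cmdline."""
    child = subprocess.Popen(
        [sys.executable, "-c", "import time; time.sleep(30)",
         f"--password={secret}"])
    try:
        # Popen returns only after the child has exec'd, so cmdline is final.
        return cmdline_of(child.pid)
    finally:
        child.kill()
        child.wait()


def pass_via_file(secret=SAMPLE_SECRET):
    """Safer pattern: secret in an owner-only file, only its path on the cmdline.

    Returns (visible_cmdline, file_mode, content_as_read_by_child).
    """
    fd, path = tempfile.mkstemp(prefix="secret-")
    try:
        os.fchmod(fd, stat.S_IRUSR | stat.S_IWUSR)      # 0600: owner read/write only
        with os.fdopen(fd, "w") as fh:
            fh.write(secret)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # The child reads the file itself, echoes it once so we can confirm it
        # got the secret, then idles so we can inspect its command line.
        child = subprocess.Popen(
            [sys.executable, "-c",
             "import sys, time; d = open(sys.argv[1]).read(); "
             "print(d, flush=True); time.sleep(30)", path],
            stdout=subprocess.PIPE, text=True)
        try:
            content = child.stdout.readline().rstrip("\n")
            visible = cmdline_of(child.pid)
        finally:
            child.kill()
            child.wait()
        return visible, mode, content
    finally:
        os.unlink(path)     # the secret file lives no longer than the process needs it


if __name__ == "__main__":
    print("argv  :", leak_via_argv())
    visible, mode, content = pass_via_file()
    print("file  :", visible, "| mode:", oct(mode), "| child read:", content)
```

Running it shows the whole passphrase in the first command line and only a path like `/tmp/secret-xxxx` in the second; the same would hold for a base64 master key, ciphertext and IV, which is why encrypting the secret does not help when the key rides along on the same command line.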