Re: [libvirt] [PATCH 5/5] qemu/rbd: improve rbd device specification

On Thu, Sep 15, 2011 at 13:52, Sage Weil <sage(a)newdream.net&gt; wrote: > +static int buildRBDString(virConnectPtr conn, ... > +        /* look up secret */ > +        snprintf(idDomain, sizeof(idDomain), "%s/%s", disk->authId, > +                 disk->authDomain); > +        sec = virSecretLookupByUsage(conn, > +                                     VIR_SECRET_USAGE_TYPE_CEPH, > +                                     idDomain); ... > +            secret = (char *)conn->secretDriver->getValue(sec, &secret_size, 0, > +                                   VIR_SECRET_GET_VALUE_INTERNAL_CALL); > +            /* qemu/librbd wants it base64 encoded */ > +            base64_encode_alloc(secret, secret_size, &base64); > +            virBufferEscape(opt, ":", ":key=%s:auth_supported=cephx\\;none", > +                            base64); If I'm reading this right, that puts the ceph secret on the kvm command line. That's not good, that makes it visible to anyone on the host.