On Fri, Jan 10, 2020 at 04:42:43PM +0100, Peter Krempa wrote:
The necessity to specify the secret value as command argument is
insecure. Allow reading the secret from a file.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/manpages/virsh.rst | 5 +++--
tools/virsh-secret.c | 30 +++++++++++++++++++++++++++---
2 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index fcc8ef6758..992b1daf90 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -6558,10 +6558,11 @@ secret-set-value
.. code-block::
- secret-set-value secret base64
+ secret-set-value secret (--file filename | base64)
Set the value associated with *secret* (specified by its UUID) to the value
-Base64-encoded value *base64*.
+Base64-encoded value *base64* or from file named *filename*. Note that *--file*
+and *base64* options are mutually exclusive.
secret-passwd
Please include a way to read the secret from an EBCDIC-encoded file,
just for completeness.
Jano