Re: [libvirt] [PATCH v3 02/10] conf: Add new secret type "passphrase"

>> Ok, so for LUKS i'd expect us to continue to just use the existing >> USAGE_TYPE_VOLUME we already have for this purpose. >> > > That then requires the "usage" of a <secret> in the domain xml to list > the volume path. So rather than: > > <encryption format='luks'> > <secret type='passphrase' usage='luks_example'/> > </encryption> > > it'd be: > > <encryption format='luks'> > <secret type='volume' usage='$LUKS_VOLUME_PATH'/> > </encryption> > > (or of course uuid='$UUID') > > I was looking to have a "more clear" delineation between a secret that > "could be" generated automagically (e.g. some randomly generated > passphrase) for a qcow volume and one that "someone" defines/sets for a > luks volume. Why would we want any such delineation ? Regardless of where the secret is generated, it is still used in the same functional manner, so I don't see an obvious benefit to distinguish them ?