Re: [libvirt] [PATCH 14/19] conf: Add new secret type "key"

On 06/21/2016 08:08 AM, Peter Krempa wrote: While replying to review comments from 6/19, I realized another reason I went with "key" over "passphrase". Consider the existing/old qcow encryption format (http://libvirt.org/formatsecret.html) The <secret> XML looks like: <secret ephemeral='no' private='yes'> <description>Super secret name of my first puppy</description> <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid> <usage type='volume'> <volume>/var/lib/libvirt/images/puppyname.img</volume> </usage> </secret> while the <domain> XML has: <encryption format='qcow'> <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/> </encryption> or once patch 11 hits: <encryption format='qcow'> <secret type='passphrase' usage='/var/lib/libvirt/images/puppyname.img'/> </encryption> where 'usage' matches 'volume' Using something other than passphrase allowed me to distinguish between that 'old' format and this new style... Using "passphrase" will then have <domain> format of: <encryption format='luks'> <secret type='passphrase' {uuid|usage}='...'>/ And a <secret> format of <secret ephemeral='no' private='yes'> <description>Sample</description> <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid> <usage type='passphrase'> <passphrase>somestring</passphrase> </usage> </secret> where "somestring" is just a 'usage' string and not the actual passphrase which would be set by the 'secret-set-value' command. I could have the <secret> XML use something different than passphrase, but key just seemed to be the most reasonable beyond passphrase. Unless you have a different suggestion for a better name. John Hopefully this was clear...