Re: [libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

On Tue, Jan 21, 2020 at 09:57:22 -0300, Daniel Henrique Barboza wrote: > > > On 1/10/20 12:42 PM, Peter Krempa wrote: >> The currently existing virsh APIs for secrets are awful for human use >> and don't promote security. >> >> Peter Krempa (4): >> virsh: secret: Add 'secret-passwd' command >> virsh: secret: Allow getting secret's value without base64 encoding >> virsh: secret: Allow setting secrets from file >> docs: secret: Unify and sanitize examples on how to set secret value >> >> docs/formatsecret.html.in | 86 ++++++++++++++++++---------- >> docs/manpages/virsh.rst | 26 ++++++++- >> tools/virsh-secret.c | 116 ++++++++++++++++++++++++++++++++++++-- >> 3 files changed, 189 insertions(+), 39 deletions(-) >> > > > Code-wise LGTM. I have a question about the design though. > > Shouldn't we ask for a password confirmation when setting the secret > via secret-passwd? This would be more on par with how 'passwd' works > in Linux, and can also help to prevent user typos when setting a > secret. I don't really think that it's necessary. When you mess up changing of your account password you won't be able to log in thus it's a good idea to make more sure that you didn't miss-type it. With libvirt secrets, it doesn't prevent you from fixing it later as you aren't even asked for the previous value of the secret.