
On 06/21/2016 08:08 AM, Peter Krempa wrote:
On Mon, Jun 13, 2016 at 20:27:53 -0400, John Ferlan wrote:
Add a new secret type known as "key" - it will handle adding the secret objects that need a key (or passphrase), such as will soon be the case
This may be misleading: a "key" is not equal to a "passphrase" in usual encryption terminology. Key usually refers to the actual encryption key used to encrypt the data whereas passphrase is usually a human readable secret string (which may not be random at all) used to access the key later.
The cryptsetup man page tends to treat them interchangeably to some extent (e.g. a key slot equals a passphrase, but the master key refers to the actual encryption key used for the data).
To avoid confusion I'd rather stick with "passphrase".
That was my other choice... 'key' was just shorter and easier to type. I'll make that adjustment, so it'll be:

  <secret ephemeral='no' private='no'>
    <uuid>f52a81b2-424e-490c-823d-6bd4235bc572</uuid>
    <description>Sample Passphrase Secret</description>
    <usage type='passphrase'>
      <passphrase>mumblyfratz</passphrase>
    </usage>
  </secret>

John
for a luks volume for both storage driver create and libvirt domain usage.
Signed-off-by: John Ferlan <jferlan@redhat.com> ---
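
The passphrase/key distinction drawn in the thread above, as an added example that is not part of the original messages and is not libvirt or cryptsetup code: a passphrase only unlocks a key slot, and the random master key is what would encrypt the data. The header layout, function names and iteration count are assumptions, and the XOR wrap is a simplified stand-in for the cipher and anti-forensic split a real LUKS key slot uses.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # constructed value for this example
KEY_LEN = 32           # bytes in the master key and in each derived key


def _kdf(secret: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256, used for slot keys and for the master-key digest."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, KEY_LEN)


def add_slot(header: dict, master_key: bytes, passphrase: str) -> None:
    """Wrap the existing master key under a key derived from a passphrase."""
    salt = os.urandom(16)
    slot_key = _kdf(passphrase.encode(), salt)
    # Simplified wrap (assumption): XOR with the derived key, fresh salt per slot.
    wrapped = bytes(a ^ b for a, b in zip(master_key, slot_key))
    header["slots"].append({"salt": salt, "wrapped": wrapped})


def new_volume(passphrase: str):
    """Create a hypothetical header: random master key plus one key slot."""
    master_key = os.urandom(KEY_LEN)   # the "key": random, never typed by a human
    digest_salt = os.urandom(16)
    header = {
        "digest_salt": digest_salt,
        # Digest lets unlock() recognise the right master key without storing it.
        "mk_digest": _kdf(master_key, digest_salt),
        "slots": [],
    }
    add_slot(header, master_key, passphrase)
    return header, master_key


def unlock(header: dict, passphrase: str):
    """Try every slot; return the master key, or None if no slot matches."""
    for slot in header["slots"]:
        slot_key = _kdf(passphrase.encode(), slot["salt"])
        candidate = bytes(a ^ b for a, b in zip(slot["wrapped"], slot_key))
        digest = _kdf(candidate, header["digest_salt"])
        if hmac.compare_digest(digest, header["mk_digest"]):
            return candidate
    return None


if __name__ == "__main__":
    hdr, mk = new_volume("mumblyfratz")            # passphrase from the thread's XML
    add_slot(hdr, mk, "second constructed phrase")  # second passphrase, same key
    print(unlock(hdr, "mumblyfratz") == mk, unlock(hdr, "wrong") is None)
```
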