Hello,
the following patches add full support for qcow/qcow2 volume encryption,
assuming a client that supports it.
(Main changes since the previous version:
* Add "flags" argument to virSecretDefineXML(), virSecretGetXMLDesc(),
virSecretSetValue(), virSecretGetValue()
* Various clean-ups and bug fixes in the local secret storage driver
* Make the Python API more consistent with other objects
See the specific patch change logs for more details; patches without
change logs are unchanged.)
New XML tags are defined to represent encryption parameters (currently
format and passphrase, more can be added in the future), e.g.
<encryption format='qcow'>
<secret type='passphrase'
uuid='724d95f2-0ed2-6ff9-84d0-0f3d1618428d'/>
</encryption>
The <encryption> tag can be added to a <volume> node passed to
virStorageVolCreateXML() to create an encrypted volume, or to a
<disk> node inside a <domain> to specify what encryption parameters to
use for a domain.
uuid above refers to a separately-managed secret, which was created
using virSecretDefineXML() and set using virSecretSetValue(). Other
properties of the secret can be managed using an XML representation.
Detailed documentation of the formats and features is inside the patches.