Searched hist:"60390 a21" (Results 1 – 1 of 1) sorted by relevance
/qemu/block/ |
H A D | rbd.c | 60390a21 Thu Jan 21 14:19:19 GMT 2016 Daniel P. Berrange <berrange@redhat.com> rbd: add support for getting password from QCryptoSecret object
Currently RBD passwords must be provided on the command line via
$QEMU -drive file=rbd:pool/image:id=myname:\ key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\ auth_supported=cephx
This is insecure because the key is visible in the OS process listing.
This adds support for an 'password-secret' parameter in the RBD parameters that can be used with the QCryptoSecret object to provide the password via a file:
echo "QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=" > poolkey.b64 $QEMU -object secret,id=secret0,file=poolkey.b64,format=base64 \ -drive driver=rbd,filename=rbd:pool/image:id=myname:\ auth_supported=cephx,password-secret=secret0
Reviewed-by: Josh Durgin <jdurgin@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1453385961-10718-2-git-send-email-berrange@redhat.com Signed-off-by: Jeff Cody <jcody@redhat.com>
|