<html>
  <body>
    <h1>Secret XML format</h1>

    <ul id="toc"></ul>

    <h2><a name="SecretAttributes">Secret XML</a></h2>

    <p>
      Secrets stored by libvirt may have attributes associated with them, using
      the <code>secret</code> element.  The <code>secret</code> element has two
      optional attributes, each with values '<code>yes</code>' and
      '<code>no</code>', and defaulting to '<code>no</code>':
    </p>
    <dl>
      <dt><code>ephemeral</code></dt>
      <dd>This secret must only be kept in memory, never stored persistently.
      </dd>
      <dt><code>private</code></dt>
      <dd>The value of the secret must not be revealed to any caller of libvirt,
        nor to any other node.
      </dd>
    </dl>
    <p>
      The top-level <code>secret</code> element may contain the following
      elements:
    </p>
    <dl>
      <dt><code>uuid</code></dt>
      <dd>
        A unique identifier for this secret (not necessarily in the UUID
        format).  If omitted when defining a new secret, a random UUID is
        generated.
      </dd>
      <dt><code>description</code></dt>
      <dd>A human-readable description of the purpose of the secret.
      </dd>
      <dt><code>usage</code></dt>
      <dd>
        Specifies what this secret is used for.  A mandatory
        <code>type</code> attribute specifies the usage category; currently
        only <code>volume</code> is defined.  Specific usage categories are
        described below.
      </dd>
    </dl>

    <h3>Usage type "volume"</h3>

    <p>
      This secret is associated with a volume, and it is safe to delete the
      secret after the volume is deleted.  The <code>&lt;usage
      type='volume'&gt;</code> element must contain a
      single <code>volume</code> element that specifies the key of the volume
      this secret is associated with.
    </p>

    <h2><a name="example">Example</a></h2>

    <pre>
      &lt;secret ephemeral='no' private='yes'&gt;
         &lt;description&gt;LUKS passphrase for the main hard drive of our mail server&lt;/description&gt;
         &lt;usage type='volume'&gt;
            &lt;volume&gt;/var/lib/libvirt/images/mail.img&lt;/volume&gt;
         &lt;/usage&gt;
      &lt;/secret&gt;</pre>
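
    <p>
      The following pre-definition check is an added example, not part of
      libvirt or of the original page: it tests a secret definition against
      the rules described above. The names <code>check_secret</code> and
      <code>build_secret</code>, the <code>private='yes'</code> policy and
      the rejection of an empty volume key are assumptions of this example;
      the sample definitions are built with ElementTree rather than written
      as literal XML.
    </p>

```python
import xml.etree.ElementTree as ET

def check_secret(xml_text):
    """Return a list of problems; an empty list means no rule below was violated."""
    root = ET.fromstring(xml_text)
    if root.tag != "secret":
        return ["top-level element must be 'secret', got %r" % root.tag]
    problems = []
    for attr in ("ephemeral", "private"):
        value = root.get(attr, "no")  # both attributes default to 'no'
        if value not in ("yes", "no"):
            problems.append("%s must be 'yes' or 'no', got %r" % (attr, value))
    # Assumed local policy, not a libvirt rule: require private='yes'.
    if root.get("private", "no") == "no":
        problems.append("policy: private is 'no', so the value may be revealed to callers")
    for usage in root.findall("usage"):
        utype = usage.get("type")
        if utype is None:
            problems.append("usage lacks the mandatory type attribute")
        elif utype != "volume":
            problems.append("usage type %r is not defined" % utype)
        else:
            volumes = usage.findall("volume")
            # Treating an empty volume key as invalid is an assumption of this example.
            if len(volumes) != 1 or not (volumes[0].text or "").strip():
                problems.append("usage type 'volume' needs exactly one non-empty volume element")
    return problems

def build_secret(attrs, usage=None, volume_keys=()):
    """Build a constructed sample definition and return it as XML text."""
    root = ET.Element("secret", attrs)
    if usage is not None:
        node = ET.SubElement(root, "usage", usage)
        for key in volume_keys:
            ET.SubElement(node, "volume").text = key
    return ET.tostring(root, encoding="unicode")

# Constructed samples: one modelled on the page's example, one with three problems.
GOOD = build_secret({"ephemeral": "no", "private": "yes"}, {"type": "volume"},
                    ["/var/lib/libvirt/images/mail.img"])
BAD = build_secret({"ephemeral": "maybe"}, {"type": "volume"})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_secret(doc) or "ok")
```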
  </body>
</html>