Re: [PATCH 4/5] secret: Add encryptionSchemeType attribute to store ciphers

Fri, 12 Dec 2025 02:18:43 -0800 

On Tue, Dec 09, 2025 at 01:22:30 +0530, Arun Menon via Devel wrote:
> The new attribute will store the available cipher modes with which secrets
> can be encrypted. At the moment only aes256cbc encryption method is used.
> This can be extended in future with other modes of cipher.
> 
> Rename the file-name structure attribute from base64File to secretValueFile.
> 
> Signed-off-by: Arun Menon <[email protected]>
> ---
>  src/conf/secret_conf.c  |  6 ++++++
>  src/conf/secret_conf.h  |  9 +++++++++
>  src/conf/virsecretobj.c | 22 +++++++++++-----------
>  3 files changed, 26 insertions(+), 11 deletions(-)
> 
> diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
> index 966536599e..dd808aa21a 100644
> --- a/src/conf/secret_conf.c
> +++ b/src/conf/secret_conf.c
> @@ -32,6 +32,12 @@
>  
>  #define VIR_FROM_THIS VIR_FROM_SECRET
>  
> +VIR_ENUM_IMPL(virSecretEncryptionScheme,
> +              VIR_SECRET_ENCRYPTION_SCHEME_LAST,
> +              "none",
> +              "aes256cbc",
> +);
> +
>  VIR_LOG_INIT("conf.secret_conf");

Any reason for this to be in conf/secret_conf ?

It's not used in the XML, but rather an impl detail of the secret
driver.




>  
>  void
> diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h
> index 8f8f47933a..c11558357e 100644
> --- a/src/conf/secret_conf.h
> +++ b/src/conf/secret_conf.h
> @@ -21,6 +21,7 @@
>  #pragma once
>  
>  #include "internal.h"
> +#include "virenum.h"
>  
>  typedef struct _virSecretDef virSecretDef;
>  struct _virSecretDef {
> @@ -32,6 +33,12 @@ struct _virSecretDef {
>      char *usage_id; /* May be NULL */
>  };
>  
> +typedef enum {
> +    VIR_SECRET_ENCRYPTION_SCHEME_NONE = 0,
> +    VIR_SECRET_ENCRYPTION_SCHEME_AES256CBC = 1,
> +    VIR_SECRET_ENCRYPTION_SCHEME_LAST
> +} virSecretEncryptionScheme;
> +
>  void virSecretDefFree(virSecretDef *def);
>  G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSecretDef, virSecretDefFree);
>  
> @@ -53,3 +60,5 @@ char *virSecretDefFormat(const virSecretDef *def);
>  #define VIR_CONNECT_LIST_SECRETS_FILTERS_ALL \
>                  (VIR_CONNECT_LIST_SECRETS_FILTERS_EPHEMERAL  | \
>                   VIR_CONNECT_LIST_SECRETS_FILTERS_PRIVATE)
> +
> +VIR_ENUM_DECL(virSecretEncryptionScheme);
> diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c
> index 66270e2751..a3dd7983bb 100644
> --- a/src/conf/virsecretobj.c
> +++ b/src/conf/virsecretobj.c
> @@ -39,7 +39,7 @@ VIR_LOG_INIT("conf.virsecretobj");
>  struct _virSecretObj {
>      virObjectLockable parent;
>      char *configFile;
> -    char *base64File;
> +    char *secretValueFile;

Rename of this field is okay to stay as a separate patch.

Reply via email to