On 10/03/2015 19:13, Daniel P. Berrange wrote:
> FWIW, I could see an improved interaction scheme working as follows
>
> First, introduce a new monitor command for setting named passwords,
>
>    add_key mykey1 SECRETDATA

Or reuse object_add:

    object_add secret,id=mykey1,secret=SECRETDATA

> Now, extend the blockdev_add so that you can provide key names
> by adding
>
>    'keyname': 'mykey1'
>
> as a parameter in the json args.

You can also add a command line option:

    -secret id=mykey1,secret=SECRETDATA

or possibly:

    -object secret,id=mykey1,secret=SECRETDATA

> For cold plug, have a command line arg '--add-keys prompt' to
> indicate the user should be prompted on TTY to enter keys,

This can even be the default if you have a human monitor open.
(Downside: the default human monitor, accessible with Ctrl-Alt-2, is not
easily discovered; same for Ctrl-A c for -nographic).

> For managed usage we could allow
> '--add-keys fd=FDNUM' and just read keys from the file descriptor.

For managed usage, options can also be passed via -readconfig like

    [object "mykey1"]
      type=secret
      secret=SECRETDATA

Paolo