From nobody Thu Feb 12 18:32:11 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1770902517; cv=none; d=zohomail.com; s=zohoarc; b=Nap5eUtEiQvgTIF5kWH4X0r8PKlUypCbFDd46wWyigda4MH0Az5O3d0j0+cG2TpkDkHJcXgepLBlHNmbUDuYm/mJuYc5Z9j1GmilWQcTwPeovxgzZICaxRUghw1suLgDw+3OGNvbLV22XDUAS+g4yBN/2w7S0JT+bqggh3EYWnM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1770902517; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=KFQf/F9jur7jcQTcAUEzJDn8vguzBRjzYM4SBRiWsEE=; b=QGEuxXbP+lYpoBxXASr4KsGu4z7ng28xBm91LUXuC4Ehne5AhNxZdei3jL8c1OQEdtI3IzHavOcGzXz6/8km9x4DkM9ftd0HVHi2ZgxdgrR+Uzb9eM6+QcC/8Cl8AQSBiCiMd/iKfuV12W5QxR5kAV7lqHmLyx9BZVSzLyG5pN0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1770902517126308.33921619344096; Thu, 12 Feb 2026 05:21:57 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id 9A83F44DD3; Thu, 12 Feb 2026 08:21:56 -0500 (EST) Received: from [172.19.199.6] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 7467E45ADA; Thu, 12 Feb 2026 07:52:39 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id AEDD3454B7; Thu, 12 Feb 2026 07:51:23 -0500 (EST) Received: from mx1.osci.io (unknown [8.43.85.229]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id B495D45D99 for ; Thu, 12 Feb 2026 07:39:47 -0500 (EST) Received: by mx1.osci.io (Postfix, from userid 995) id 9244428C86; Tue, 10 Feb 2026 12:57:01 -0500 (EST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mx1.osci.io (Postfix) with ESMTPS id 22A5028C84 for ; Tue, 10 Feb 2026 12:57:00 -0500 (EST) Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-248-cgBFbQrlM7yJ3dZSmv0G5A-1; Tue, 10 Feb 2026 12:56:58 -0500 Received: by mail-pf1-f199.google.com with SMTP id d2e1a72fcca58-81efa628efbso4560649b3a.1 for ; Tue, 10 Feb 2026 09:56:57 -0800 (PST) Received: from armenon-kvm.armenon-thinkpadp16vgen1.bengluru.csb ([49.36.106.234]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-824418a70fesm13782658b3a.45.2026.02.10.09.56.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Feb 2026 09:56:55 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1770746219; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KFQf/F9jur7jcQTcAUEzJDn8vguzBRjzYM4SBRiWsEE=; b=A9tNstuglCzQ+vEjAsZTiJRxGaYu4jOJgNa5cFPQ8dAhjpu8X9T8DPdOaf6I9booynAACf +WqT338UeC+VcZNlHfsZ99boo234hDwpV8HuerSjg97Xk6+nln8jsCaW1vraWM1A+mJ+hV 5tefagru766YTHI4rr1tXVVY9nX65mY= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1770746219; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KFQf/F9jur7jcQTcAUEzJDn8vguzBRjzYM4SBRiWsEE=; b=A9tNstuglCzQ+vEjAsZTiJRxGaYu4jOJgNa5cFPQ8dAhjpu8X9T8DPdOaf6I9booynAACf +WqT338UeC+VcZNlHfsZ99boo234hDwpV8HuerSjg97Xk6+nln8jsCaW1vraWM1A+mJ+hV 5tefagru766YTHI4rr1tXVVY9nX65mY= X-MC-Unique: cgBFbQrlM7yJ3dZSmv0G5A-1 X-Mimecast-MFC-AGG-ID: cgBFbQrlM7yJ3dZSmv0G5A_1770746217 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770746216; x=1771351016; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=KFQf/F9jur7jcQTcAUEzJDn8vguzBRjzYM4SBRiWsEE=; b=EBU/1saaOomdjXLVkoqQaXDbGzIJQRzUs6gIyAGwPbomncMCNuFiCULwmr+3Prb4Ok 57KEa3UmcKYXWZs5dABuL7mxxLYiKm/adCSqPtlIJ7ZYWYLt4h5KssIMFPVHes2EyEBO bwTwyWnVF9p9b6vcMOkI3mTL/dUP2yl3XEnxJM4rBOO+a4Sq0Lu3kGnyAf+28O+wF1af /rQef/0ipdY326F5WzDb9c7k77oNRN7sILNpfJDWRzPn1lnSh/N8FZA876KshZ7fkmdN wJZqknzgcJvz6PwIUmf+SnuMaZqaUoniojVQvIqcvWuWBhovxDVpttOydaw6Dx48s0q2 PQ3Q== X-Gm-Message-State: AOJu0YwlM3Igcg+LgMoIOa4hkyNf8MZbAO+DqxA9BC6sVtAs2+r2+j/s ku9p8sODaVxmmsXhvOrS2j+F8yVWijrcAHstp2WDGlNlPs6t3WhZCDZF/WvMB33sdLojptSnST3 GYOQnTRcsmFCDz0/Hk0kCQHkhepi2PRqOjFiRUyTITAEnawjIqFWJqdo2vg1OxQC888yteJ1aG+ 4Iaa2xLvoIHL0UpYNvmIY19ZLq6aU5GYDfLlc/cDR+cA== X-Gm-Gg: AZuq6aKNhCAfd3ZB5uIyIdgisDmk5/AmTyjhX2cROcStZrUhS2OVY1or712KNUzstiI 6jp5aQO9AQ7pHklTAkiWCGD8wJguZxfpWahRfdO3gEdP80uPl5O1+NH8n7NfH8G9ib2mBf/f5Hg D0GV1WZ/73tGnw12chpcq2/VHV6yvpOcSFuW4uYUgvmEpW5Te4BriBWlzLpakhP4XkFajF9HI20 p8Xk4OdGyD82D/QYgwWWe6N0APn8Juba3FNSdVz4vblLklEDBQWmVy1OoMJpU2P0/QtI6ZmAqLH 7kkcrzK3O/FFYggqSux0WWlQ/lqlrQid+JyMaBMgmFLLceG6f0h+uIusLIiKqagnrvcMelnKdEw RbrBqW+27OLfs9alorxQ1G79ZLB2G85KZKNVeL0xFaHELwFbd+R0aMhjXUMO6lB2kfRFHdw== X-Received: by 2002:a05:6a00:198a:b0:823:1726:aedc with SMTP id d2e1a72fcca58-82441728212mr12459143b3a.50.1770746216529; Tue, 10 Feb 2026 09:56:56 -0800 (PST) X-Received: by 2002:a05:6a00:198a:b0:823:1726:aedc with SMTP id d2e1a72fcca58-82441728212mr12459123b3a.50.1770746215995; Tue, 10 Feb 2026 09:56:55 -0800 (PST) To: devel@lists.libvirt.org Subject: [PATCH v6 5/6] secret: Add functionality to load and save secrets in encrypted format Date: Tue, 10 Feb 2026 23:26:42 +0530 Message-ID: <20260210175643.23351-6-armenon@redhat.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20260210175643.23351-1-armenon@redhat.com> References: <20260210175643.23351-1-armenon@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: aHOEZ0UYxnrdM4G6xLt7nY8O1kJqYeyrpkNmLChKa_Y_1770746217 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 7DAI3NL2FPDUXUALBMLNR5EOG4GTXIZ2 X-Message-ID-Hash: 7DAI3NL2FPDUXUALBMLNR5EOG4GTXIZ2 X-MailFrom: armenon@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Arun Menon X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Arun Menon via Devel Reply-To: Arun Menon X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1770902528402154100 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Arun Menon Now that we have the functionality to provide the secrets driver with an encryption key through a configuration file or using system credentials, and the newly introduced array to iterate over the encryption schemes, we can use the key to save and load secrets. Encrypt all secrets that are going to be saved on the disk if the 'secrets_encryption_key' path is set in the secret.conf file OR if a valid systemd generated credential exists. While loading secrets, identify the decryption method by matching the file extension of the stored secret against the known array values. If no matching scheme is found, the secret is skipped. If the encryption key is changed across restarts, then also the secret driver will fail to lo= ad the secrets from the disk that were encrypted with the former key. Signed-off-by: Arun Menon Co-authored-by: Peter Krempa --- src/conf/virsecretobj.c | 204 ++++++++++++++++++++++++++----------- src/conf/virsecretobj.h | 14 ++- src/secret/secret_driver.c | 18 +++- 3 files changed, 172 insertions(+), 64 deletions(-) diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c index a3dd7983bb..b448be493a 100644 --- a/src/conf/virsecretobj.c +++ b/src/conf/virsecretobj.c @@ -31,6 +31,10 @@ #include "virhash.h" #include "virlog.h" #include "virstring.h" +#include "virsecret.h" +#include "virrandom.h" +#include "vircrypto.h" +#include "virsecureerase.h" =20 #define VIR_FROM_THIS VIR_FROM_SECRET =20 @@ -45,6 +49,16 @@ struct _virSecretObj { size_t value_size; }; =20 +typedef struct _virSecretSchemeInfo { + const char *suffix; + virCryptoCipher cipher; +} virSecretSchemeInfo; + +virSecretSchemeInfo schemeInfo[] =3D { + { ".aes256cbc", VIR_CRYPTO_CIPHER_AES256CBC }, + { ".base64", -1 }, +}; + static virClass *virSecretObjClass; static virClass *virSecretObjListClass; static void virSecretObjDispose(void *obj); @@ -377,12 +391,14 @@ virSecretObjListAdd(virSecretObjList *secrets, =20 if (!(obj =3D virSecretObjNew())) goto cleanup; - /* Generate the possible configFile and secretValueFile strings - * using the configDir, uuidstr, and appropriate suffix + * using the configDir, uuidstr, and appropriate suffix. + * Note that secretValueFile extension is not set here. It is dete= rmined + * based on a) existing availability of secret file (virSecretLoad= Value) or + * b) target storage format (virSecretObjSaveData) */ if (!(obj->configFile =3D virFileBuildPath(configDir, uuidstr, ".x= ml")) || - !(obj->secretValueFile =3D virFileBuildPath(configDir, uuidstr= , ".base64"))) + !(obj->secretValueFile =3D virFileBuildPath(configDir, uuidstr= , NULL))) goto cleanup; =20 if (virHashAddEntry(secrets->objs, uuidstr, obj) < 0) @@ -654,9 +670,15 @@ virSecretObjDeleteConfig(virSecretObj *obj) void virSecretObjDeleteData(virSecretObj *obj) { + size_t i; + /* The configFile will already be removed, so secret won't be * loaded again if this fails */ - unlink(obj->secretValueFile); + for (i =3D 0; i < G_N_ELEMENTS(schemeInfo); i++) { + g_autofree char *deleteFile =3D g_strconcat(obj->secretValueFile, = schemeInfo[i].suffix, NULL); + + ignore_value(unlink(deleteFile)); + } } =20 =20 @@ -682,18 +704,69 @@ virSecretObjSaveConfig(virSecretObj *obj) =20 =20 int -virSecretObjSaveData(virSecretObj *obj) +virSecretObjSaveData(virSecretObj *obj, + bool encryptData, + uint8_t *secretsEncryptionKey, + size_t secretsKeyLen) { g_autofree char *base64 =3D NULL; + g_autofree char *filename =3D NULL; + size_t i; + g_autofree unsigned char *secretbuf =3D NULL; + const unsigned char *secret =3D NULL; + size_t secretLen =3D 0; =20 if (!obj->value) return 0; =20 - base64 =3D g_base64_encode(obj->value, obj->value_size); + /* Based on whether encryption is on/off, save the secret in either + * the latest encryption scheme or in base64 formats. + * Subsequently, delete the other formats of the same uuid on the disk. + */ + if (encryptData && secretsEncryptionKey) { + g_autofree uint8_t *encryptedValue =3D NULL; + size_t encryptedValueLen =3D 0; + const size_t ivlen =3D 16; + g_autofree unsigned char *ivbuf =3D g_new0(unsigned char, ivlen); + + filename =3D g_strconcat(obj->secretValueFile, schemeInfo[0].suffi= x, NULL); + + if (virRandomBytes(ivbuf, ivlen) < 0) + return -1; + + if (virCryptoEncryptData(schemeInfo[0].cipher, + secretsEncryptionKey, secretsKeyLen, + ivbuf, ivlen, + (uint8_t *)obj->value, obj->value_size, + &encryptedValue, &encryptedValueLen) < 0) + return -1; + + ivbuf =3D g_realloc(ivbuf, ivlen + encryptedValueLen); + memcpy(ivbuf + ivlen, encryptedValue, encryptedValueLen); + + secretbuf =3D g_steal_pointer(&ivbuf); + secret =3D secretbuf; + secretLen =3D ivlen + encryptedValueLen; + } else { + filename =3D g_strconcat(obj->secretValueFile, schemeInfo[G_N_ELEM= ENTS(schemeInfo) - 1].suffix, NULL); + secret =3D (unsigned char *) obj->value; + secretLen =3D obj->value_size; + } + + base64 =3D g_base64_encode(secret, secretLen); =20 - if (virFileRewriteStr(obj->secretValueFile, S_IRUSR | S_IWUSR, base64)= < 0) + if (virFileRewriteStr(filename, S_IRUSR | S_IWUSR, base64) < 0) return -1; =20 + for (i =3D 0; i < G_N_ELEMENTS(schemeInfo); i++) { + g_autofree char *deleteFile =3D g_strconcat(obj->secretValueFile, = schemeInfo[i].suffix, NULL); + + if (STREQ(filename, deleteFile)) + continue; + + ignore_value(unlink(deleteFile)); + } + return 0; } =20 @@ -737,7 +810,10 @@ virSecretObjGetValue(virSecretObj *obj) int virSecretObjSetValue(virSecretObj *obj, const unsigned char *value, - size_t value_size) + size_t value_size, + bool encryptData, + uint8_t *secretsEncryptionKey, + size_t secretsKeyLen) { virSecretDef *def =3D obj->def; g_autofree unsigned char *old_value =3D NULL; @@ -753,7 +829,10 @@ virSecretObjSetValue(virSecretObj *obj, obj->value =3D g_steal_pointer(&new_value); obj->value_size =3D value_size; =20 - if (!def->isephemeral && virSecretObjSaveData(obj) < 0) + if (!def->isephemeral && virSecretObjSaveData(obj, + encryptData, + secretsEncryptionKey, + secretsKeyLen) < 0) goto error; =20 /* Saved successfully - drop old value */ @@ -807,60 +886,65 @@ virSecretLoadValidateUUID(virSecretDef *def, =20 =20 static int -virSecretLoadValue(virSecretObj *obj) -{ - int ret =3D -1, fd =3D -1; - struct stat st; - g_autofree char *contents =3D NULL; +virSecretLoadValue(virSecretObj *obj, + uint8_t *secretsEncryptionKey, + size_t secretsKeyLen) +{ + const size_t secretFileMaxLen =3D 10 * 1024 * 1024; /* more won't fit = in the RPC buffer */ + size_t i; + + /* Find the file and match the storage scheme based on suffix. */ + for (i =3D 0; i < G_N_ELEMENTS(schemeInfo); i++) { + g_autofree char *filename =3D g_strconcat(obj->secretValueFile, + schemeInfo[i].suffix, NULL= ); + g_autofree char *filecontent =3D NULL; + int filelen =3D 0; + g_autofree unsigned char *decoded =3D NULL; + size_t decodedlen =3D 0; + + if (!virFileExists(filename)) + continue; =20 - if ((fd =3D open(obj->secretValueFile, O_RDONLY)) =3D=3D -1) { - if (errno =3D=3D ENOENT) { - ret =3D 0; - goto cleanup; - } - virReportSystemError(errno, _("cannot open '%1$s'"), - obj->secretValueFile); - goto cleanup; - } + if ((filelen =3D virFileReadAll(filename, secretFileMaxLen, &filec= ontent)) < 0) + return -1; =20 - if (fstat(fd, &st) < 0) { - virReportSystemError(errno, _("cannot stat '%1$s'"), - obj->secretValueFile); - goto cleanup; - } + filecontent =3D g_realloc(filecontent, filelen + 1); + filecontent[filelen] =3D '\0'; =20 - if ((size_t)st.st_size !=3D st.st_size) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("'%1$s' file does not fit in memory"), - obj->secretValueFile); - goto cleanup; - } + decoded =3D g_base64_decode(filecontent, &decodedlen); =20 - if (st.st_size < 1) { - ret =3D 0; - goto cleanup; - } + virSecureErase(filecontent, filelen); =20 - contents =3D g_new0(char, st.st_size + 1); + if (schemeInfo[i].cipher =3D=3D -1) { + obj->value =3D g_steal_pointer(&decoded); + obj->value_size =3D decodedlen; + } else { + size_t ivlen =3D 16; + int rc; =20 - if (saferead(fd, contents, st.st_size) !=3D st.st_size) { - virReportSystemError(errno, _("cannot read '%1$s'"), - obj->secretValueFile); - goto cleanup; - } - contents[st.st_size] =3D '\0'; + if (decodedlen < ivlen) { + virReportError(VIR_ERR_INVALID_SECRET, + _("Encrypted secret size '%1$zu' is invalid= "), + obj->value_size); =20 - VIR_FORCE_CLOSE(fd); + virSecureErase(decoded, decodedlen); + return -1; + } =20 - obj->value =3D g_base64_decode(contents, &obj->value_size); + rc =3D virCryptoDecryptData(schemeInfo[i].cipher, + secretsEncryptionKey, secretsKeyLen, + decoded, ivlen, /* initialization ve= ctor is stored at start of the buffer */ + decoded + ivlen, decodedlen - ivlen, + &obj->value, &obj->value_size); =20 - ret =3D 0; + virSecureErase(decoded, decodedlen); =20 - cleanup: - if (contents !=3D NULL) - memset(contents, 0, st.st_size); - VIR_FORCE_CLOSE(fd); - return ret; + if (rc < 0) + return -1; + } + } + + return 0; } =20 =20 @@ -868,7 +952,9 @@ static virSecretObj * virSecretLoad(virSecretObjList *secrets, const char *file, const char *path, - const char *configDir) + const char *configDir, + uint8_t *secretsEncryptionKey, + size_t secretsKeyLen) { g_autoptr(virSecretDef) def =3D NULL; virSecretObj *obj =3D NULL; @@ -882,7 +968,7 @@ virSecretLoad(virSecretObjList *secrets, if (!(obj =3D virSecretObjListAdd(secrets, &def, configDir, NULL))) return NULL; =20 - if (virSecretLoadValue(obj) < 0) { + if (virSecretLoadValue(obj, secretsEncryptionKey, secretsKeyLen) < 0) { virSecretObjListRemove(secrets, obj); g_clear_pointer(&obj, virObjectUnref); return NULL; @@ -894,7 +980,9 @@ virSecretLoad(virSecretObjList *secrets, =20 int virSecretLoadAllConfigs(virSecretObjList *secrets, - const char *configDir) + const char *configDir, + uint8_t *secretsEncryptionKey, + size_t secretsKeyLen) { g_autoptr(DIR) dir =3D NULL; struct dirent *de; @@ -915,7 +1003,9 @@ virSecretLoadAllConfigs(virSecretObjList *secrets, if (!(path =3D virFileBuildPath(configDir, de->d_name, NULL))) continue; =20 - if (!(obj =3D virSecretLoad(secrets, de->d_name, path, configDir))= ) { + if (!(obj =3D virSecretLoad(secrets, de->d_name, path, configDir, + secretsEncryptionKey, + secretsKeyLen))) { VIR_ERROR(_("Error reading secret: %1$s"), virGetLastErrorMessage()); continue; diff --git a/src/conf/virsecretobj.h b/src/conf/virsecretobj.h index 17897c5513..4e872f7b29 100644 --- a/src/conf/virsecretobj.h +++ b/src/conf/virsecretobj.h @@ -86,7 +86,10 @@ int virSecretObjSaveConfig(virSecretObj *obj); =20 int -virSecretObjSaveData(virSecretObj *obj); +virSecretObjSaveData(virSecretObj *obj, + bool encryptData, + uint8_t *secretsEncryptionKey, + size_t secretsKeyLen); =20 virSecretDef * virSecretObjGetDef(virSecretObj *obj); @@ -101,7 +104,10 @@ virSecretObjGetValue(virSecretObj *obj); int virSecretObjSetValue(virSecretObj *obj, const unsigned char *value, - size_t value_size); + size_t value_size, + bool encryptData, + uint8_t *secretsEncryptionKey, + size_t secretsKeyLen); =20 size_t virSecretObjGetValueSize(virSecretObj *obj); @@ -112,4 +118,6 @@ virSecretObjSetValueSize(virSecretObj *obj, =20 int virSecretLoadAllConfigs(virSecretObjList *secrets, - const char *configDir); + const char *configDir, + uint8_t *secretsEncryptionKey, + size_t secretsKeyLen); diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 9b13772ad3..2f4ac60f5a 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -229,7 +229,10 @@ secretDefineXML(virConnectPtr conn, =20 if (!objDef->isephemeral) { if (backup && backup->isephemeral) { - if (virSecretObjSaveData(obj) < 0) + if (virSecretObjSaveData(obj, + driver->configDir, + driver->config->secretsEncryptionKey, + driver->config->secretsKeyLen) < 0) goto restore_backup; } =20 @@ -333,7 +336,10 @@ secretSetValue(virSecretPtr secret, if (virSecretSetValueEnsureACL(secret->conn, def) < 0) goto cleanup; =20 - if (virSecretObjSetValue(obj, value, value_size) < 0) + if (virSecretObjSetValue(obj, value, value_size, + driver->configDir, + driver->config->secretsEncryptionKey, + driver->config->secretsKeyLen) < 0) goto cleanup; =20 event =3D virSecretEventValueChangedNew(def->uuid, @@ -542,7 +548,9 @@ secretStateInitialize(bool privileged, if (!(driver->secrets =3D virSecretObjListNew())) goto error; =20 - if (virSecretLoadAllConfigs(driver->secrets, driver->configDir) < 0) + if (virSecretLoadAllConfigs(driver->secrets, driver->configDir, + driver->config->secretsEncryptionKey, + driver->config->secretsKeyLen) < 0) goto error; =20 return VIR_DRV_STATE_INIT_COMPLETE; @@ -564,7 +572,9 @@ secretStateReload(void) if (!(driver->config =3D virSecretDaemonConfigNew(driver->privileged))) return -1; =20 - ignore_value(virSecretLoadAllConfigs(driver->secrets, driver->configDi= r)); + ignore_value(virSecretLoadAllConfigs(driver->secrets, driver->configDi= r, + driver->config->secretsEncryption= Key, + driver->config->secretsKeyLen)); =20 return 0; } --=20 2.51.1