On 1/21/20 10:03 AM, Peter Krempa wrote:
> On Tue, Jan 21, 2020 at 09:57:22 -0300, Daniel Henrique Barboza wrote:
>>
>>
>> On 1/10/20 12:42 PM, Peter Krempa wrote:
>>> The currently existing virsh APIs for secrets are awful for human use
>>> and don't promote security.
>>>
>>> Peter Krempa (4):
>>> virsh: secret: Add 'secret-passwd' command
>>> virsh: secret: Allow getting secret's value without base64 encoding
>>> virsh: secret: Allow setting secrets from file
>>> docs: secret: Unify and sanitize examples on how to set secret value
>>>
>>> docs/formatsecret.html.in | 86 ++++++++++++++++++----------
>>> docs/manpages/virsh.rst | 26 ++++++++-
>>> tools/virsh-secret.c | 116 ++++++++++++++++++++++++++++++++++++--
>>> 3 files changed, 189 insertions(+), 39 deletions(-)
>>>
>>
>>
>> Code-wise LGTM. I have a question about the design though.
>>
>> Shouldn't we ask for a password confirmation when setting the secret
>> via secret-passwd? This would be more on par with how 'passwd' works
>> in Linux, and can also help to prevent user typos when setting a
>> secret.
>
> I don't really think that it's necessary. When you mess up changing of
> your account password you won't be able to log in thus it's a good idea
> to make more sure that you didn't miss-type it.
>
> With libvirt secrets, it doesn't prevent you from fixing it later as you
> aren't even asked for the previous value of the secret.
Those are fair points. I agree.
All patches:
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
>