[PATCH v2 6/9] virsh: secret: Print warning that passing secret on command-line is insecure

Peter Krempa posted 9 patches 6 years ago
Posted by Peter Krempa 6 years ago
Print a warning if users pass in secrets as command line arguments and
mention it in the man page.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 docs/manpages/virsh.rst | 3 +++
 tools/virsh-secret.c    | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index a7551b9709..823f130f1c 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -6571,6 +6571,9 @@ Base64-encoded value *base64* or Base-64-encoded contents of file named

 Note that *--file* and *base64* options are mutually exclusive.

+Passing secrets via the *base64* option on command line is INSECURE and
+deprecated. Use the *--file* option instead.
+

 secret-get-value
 ----------------
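Review bot: the new paragraph labels the *base64* form INSECURE but gives no reason, so a reader cannot judge how it applies to their setup; consider one clause saying that a value passed as an argument is visible to other local users through the process listing and is kept in shell history, which is exactly what *--file* avoids. The paragraph also says "deprecated" while the accompanying code change only prints a message, so either align the wording with what the tool does or say what deprecation means for users here. Minor: the trailing `+` blank line plus the existing blank line leaves two empty lines before the `secret-get-value` heading; drop one to match the rest of the file.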
diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c
index 66852173b5..0ca08bc133 100644
--- a/tools/virsh-secret.c
+++ b/tools/virsh-secret.c
@@ -217,6 +217,10 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd)
         return false;
     }

+    /* warn users that the --base64 option passed from command line is wrong */
+    if (base64)
+        vshError(ctl, _("Passing secret value as command-line argument is insecure!"));
+
     if (filename) {
         ssize_t read_ret;
         if ((read_ret = virFileReadAll(filename, 1024, &file_buf)) < 0) {
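Review bot: `vshError()` is used for what the subject and the man-page hunk describe as a warning, so the user sees an error-level message from a command that then continues and succeeds; if vsh has a warning-level helper prefer it, otherwise make the text itself read as a warning so it is not mistaken for a failure. The message also tells the user what is wrong but not what to do instead; naming the *--file* alternative in the string (as the man page does) would make the warning actionable. Finally, the comment says the option "is wrong" while the message says it is insecure and the docs say deprecated; pick one term and use it in all three places.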
-- 
2.24.1

Re: [PATCH v2 6/9] virsh: secret: Print warning that passing secret on command-line is insecure
Posted by Daniel P. Berrangé 6 years ago
On Fri, Jan 24, 2020 at 05:08:38PM +0100, Peter Krempa wrote:
> Print a warning if users pass in secrets as command line arguments and
> mention it in the man page.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
>  docs/manpages/virsh.rst | 3 +++
>  tools/virsh-secret.c    | 4 ++++
>  2 files changed, 7 insertions(+)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|