git.ipfire.org Git - thirdparty/libvirt.git/commit
secret: Add secret.conf configuration file and parse it
author: Arun Menon <armenon@redhat.com>
Tue, 10 Feb 2026 17:56:40 +0000 (23:26 +0530)
committer: Peter Krempa <pkrempa@redhat.com>
Thu, 12 Feb 2026 16:07:58 +0000 (17:07 +0100)
commit: 1c86748cf140a8710d6d8ec3ab3a2bd10ceeac67
tree: d8873bf9ca0dd904cc855be97c8037dc77a27f24
parent: 97758bc9a0b1fccf8c0009308658f1204b113b89
secret: Add secret.conf configuration file and parse it

A new configuration file called secret.conf is introduced to
let the user configure the path to the secrets encryption key.
This key will be used to encrypt/decrypt the secrets in libvirt.

By default the path is set to the runtime directory
/run/libvirt/secrets, and it is commented in the config file.
After parsing the file, the virtsecretd driver checks if an
encryption key is present in the path and is valid.

If no encryption key is present in the path, then
the service will by default use the encryption key stored in the
CREDENTIALS_DIRECTORY.

Add logic to parse the encryption key file and store the key.
It also checks for the encrypt_data attribute in the config file.
The encryption and decryption logic will be added in the subsequent patches.

Signed-off-by: Arun Menon <armenon@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
include/libvirt/virterror.h
libvirt.spec.in
po/POTFILES
src/secret/libvirt_secrets.aug [new file with mode: 0644]
src/secret/meson.build
src/secret/secret.conf.in [new file with mode: 0644]
src/secret/secret_config.c [new file with mode: 0644]
src/secret/secret_config.h [new file with mode: 0644]
src/secret/secret_driver.c
src/secret/test_libvirt_secrets.aug.in [new file with mode: 0644]
src/util/virerror.c