On Wed, Jun 01, 2016 at 09:04:00 -0400, John Ferlan wrote:

[...]

> In a way I was hoping that the ",data=" option could have been used, but
> that leaves a base64 encoded master key on the command line along with
> the base64 encoded secret and iv, which yes, would allow someone
> sufficiently privileged enough to read any logs the ability to decipher
> the secret.

Not only log files. A straight ps -ef would disclose everything needed for somebody to know the password.

As it was iterated a few times already, the passwords need to be kept secret by either encrypting them with a secret key (which needs to be passed via a file, there is no other way) or by passing them via a file.

If you disclose the key along with the encrypted data it's no longer a secret. It's basically the same as base64 encoding. Humans can't read it. Hackers can. I thought that was clear enough.

So you will never get around using a file. Also that's the reason why I object to supporting any insecure way to pass the data.

Peter

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
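The point Peter makes above, as an added example that is not part of the thread or of libvirt/QEMU: an audit over a QEMU-style argv that flags every `-object secret,...` whose value can be recovered by anyone able to list processes (inline `data=`, or `data=` encrypted under a `keyid=` master key that is itself inline), and a helper that creates the key file with mode 0600. The argv samples are constructed, and the `file=` check assumes a POSIX filesystem.

```python
import os
import stat
import tempfile

def secret_objects(argv):
    """Yield {prop: value} for every '-object secret,...' on a QEMU-style argv."""
    for i, arg in enumerate(argv[:-1]):
        if arg == "-object" and argv[i + 1].startswith("secret,"):
            # (key, sep, value)[::2] -> (key, value)
            yield dict(kv.partition("=")[::2] for kv in argv[i + 1].split(",")[1:])

def audit_argv(argv):
    """Map each secret id to why it is not really secret (empty dict = clean).

    Everything on argv is visible in ps -ef and /proc/<pid>/cmdline, so an inline
    data= value is exposed whether it is plain or AES-encrypted under a keyid=
    master key that is itself passed inline on the same command line.
    """
    objs = {p.get("id", "?"): p for p in secret_objects(argv)}
    findings = {}
    for sid, props in objs.items():
        if "data" in props and "keyid" not in props:
            findings[sid] = "plaintext data= readable by anyone who can list processes"
        elif "data" in props and "file" not in objs.get(props["keyid"], {}):
            findings[sid] = "data= is encrypted, but its master key is also on argv"
        elif "file" in props:
            mode = stat.S_IMODE(os.stat(props["file"]).st_mode)
            if mode & 0o077:
                findings[sid] = "key file readable by group/other (mode %o)" % mode
    return findings

def write_secret_file(path, secret):
    """Create the key file with mode 0600; O_EXCL refuses to clobber an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(secret)

def demo():
    """Constructed samples: plaintext inline, inline master key, file-backed master key."""
    keyfile = os.path.join(tempfile.mkdtemp(), "master.key")
    write_secret_file(keyfile, b"constructed-master-key-bytes")
    plain = ["qemu-system-x86_64", "-object", "secret,id=sec0,data=cGFzcw=="]
    inline_master = ["qemu-system-x86_64",
                     "-object", "secret,id=master,data=a2V5",
                     "-object", "secret,id=sec1,keyid=master,iv=aXY=,data=Y3Q="]
    file_master = ["qemu-system-x86_64",
                   "-object", "secret,id=master,file=" + keyfile,
                   "-object", "secret,id=sec2,keyid=master,iv=aXY=,data=Y3Q="]
    return audit_argv(plain), audit_argv(inline_master), audit_argv(file_master)
```

Only the third sample comes back clean: the master key lives in a 0600 file and argv carries nothing that decrypts `sec2` without it.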