Hello,
the following patches add full support for qcow/qcow2 volume encryption,
assuming a client that supports it.
(Main changes since the previous version:
* Use a separate API for "secret" management
* Auto-generate the encryption format and passphrase if not supplied
See the specific patch change logs for more details; patches without
change logs are entirely new.)
New XML tags are defined to represent encryption parameters (currently
format and passphrase, more can be added in the future), e.g.
<encryption format='qcow'>
<secret type='passphrase'
secret_id='724d95f2-0ed2-6ff9-84d0-0f3d1618428d'/>
</encryption>
The <encryption> tag can be added to a <volume> node passed to
virStorageVolCreateXML() to create an encrypted volume, or to a
<disk> node inside a <domain> to specify what encryption parameters to
use for a domain.
secret_id above refers to a separately-managed secret, which was set
using virSecretSetValue(). Other properties of the secret can be
managed using an XML representation.
Detailed documentation of the formats and features is inside the patches.
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list