Re: [PATCH v2 9/9] docs: secret: Unify and sanitize examples on how to set secret value


 



On Fri, Jan 24, 2020 at 10:41:00 -0600, Eric Blake wrote:
> On 1/24/20 10:08 AM, Peter Krempa wrote:
> > Discourage passing secrets as commandline arguments.
> > 
> > Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
> > ---
> >   docs/formatsecret.html.in | 88 +++++++++++++++++++++++++--------------
> >   1 file changed, 57 insertions(+), 31 deletions(-)
> > 
> 
> > 
> > +    <h2><a id="settingSecrets">Setting secret values in virsh</a></h2>
> > +
> 
> > +    </pre>
> > +
> > +    <p>
> > +      The secret can also be set via an argument, but note that other users
> > +      may see it in the process listing output. The secret must be base64
> > +      encoded.
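Review bot: In the paragraph that introduces the argument form, "The secret must be base64 encoded" reads as a general requirement rather than one tied to passing the value as an argument; something like "When passed as an argument, the secret must be base64 encoded" would scope it. The same paragraph only notes that other users may see the value in the process listing, while the commit message says the aim is to discourage this form, so consider stating outright that the method in the preceding example is preferred.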
> 
> Is this last sentence still accurate, given that you can pass --plain to
> avoid base64 encoding?

I didn't allow using --plain together with passing it on the command
line. --plain works only in conjunction with --file. I didn't see a
point in adding new features to an insecure way of doing things.

> Should the note use <b> or other formatting to call attention to the
> security risk of doing it this way?

Yeah, I can add it.
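
The exposure the quoted documentation text warns about, as an added example that is not part of the patch or the thread: a stand-in child process (not virsh itself) is started once with a constructed base64 value among its arguments and once with `--file`, and its argument vector is read back from Linux `/proc`, which is where the process listing gets it. The UUID placeholder, the sample value and the helper names are assumptions.

```python
import base64
import os
import subprocess
import sys
import tempfile

# Constructed sample value, not a real credential.
SECRET_B64 = base64.b64encode(b"constructed-passphrase").decode()

# Stand-in for a long-running CLI tool; it ignores its arguments and sleeps
# so that its argument vector can be inspected while it is alive.
CHILD = "import time; time.sleep(30)"


def argv_of(pid):
    """Return a process's argument vector as the process listing sees it (Linux /proc)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]


def secret_visible(extra_args):
    """Start the stand-in with extra_args; report whether the secret appears in its argv."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD, *extra_args])
    try:
        return any(SECRET_B64 in arg for arg in argv_of(proc.pid))
    finally:
        proc.kill()
        proc.wait()


def via_argument():
    # Value passed directly as an argument: it ends up in the process listing.
    return secret_visible(["secret-set-value", "UUID-PLACEHOLDER", SECRET_B64])


def via_file():
    # Value passed through a file: only the path appears in the process listing.
    fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
    try:
        with os.fdopen(fd, "w") as f:
            f.write(SECRET_B64)
        return secret_visible(["secret-set-value", "UUID-PLACEHOLDER", "--file", path])
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("secret in process listing (argument):", via_argument())
    print("secret in process listing (--file):  ", via_file())
```

Base64 is an encoding, not protection: anyone who reads the argument from the listing can decode it.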




