Secret values are effectively stored in plaintext on disk and we rely on
file perms to secure them. But with systemd-cred we can use the system's
TPM chip and encrypt them. Such secrets won't be transferable to another
system by simply copying the files stored on disk, but: a) that's not the
recommended way anyway, b) one can argue secrets shouldn't be migrated
anyway.

Future work consists of encrypting secret values even when stored in
memory, as it's now possible to obtain secrets by dumping the memory of
virsecretd. Though, to dump memory, admin rights are required, at which
point users can just read the values stored on disk (which is not true
for ephemeral secrets).

Michal Prívozník (4):
  virsecret: Introduce APIs to talk to systemd-cred
  conf: Introduce @tpm attribute to <secret/>
  virsecretobj: Encrypt/decrypt secrets using TPM
  NEWS: Document new virSecret TPM feature

 NEWS.rst                                 |   6 +
 docs/formatsecret.rst                    |   8 +-
 src/conf/schemas/secret.rng              |   5 +
 src/conf/secret_conf.c                   |  17 +++
 src/conf/secret_conf.h                   |   2 +
 src/conf/virsecretobj.c                  |  32 ++++-
 src/libvirt_private.syms                 |   3 +
 src/secret/secret_driver.c               |   7 +
 src/util/virsecret.c                     | 170 +++++++++++++++++++++++
 src/util/virsecret.h                     |  10 ++
 tests/secretxml2xmlin/usage-tpm-vtpm.xml |   7 +
 tests/secretxml2xmltest.c                |   1 +
 12 files changed, 263 insertions(+), 5 deletions(-)
 create mode 100644 tests/secretxml2xmlin/usage-tpm-vtpm.xml

-- 
2.43.0

_______________________________________________
Devel mailing list -- devel@xxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx